I was searching for a email newsletters software to send bulk emails. Searching few minutes on Google I found an appropriate software. The software was good & did what exactly I wanted to. As I do normally, I started checking each & every option of the software.
In Preferences of that software, there was “Sender Options”, where you will give sender’s email ID & name. When I used this first time I used my actual email ID. Just got bit curious about that option, I entered a non real email ID (anything that came to mind) & sent a mail to my gmail. Shocked! in a second I received that mail in gmail with from email ID exactly as entered in “Sender Options” of the software. Here I will show you how exactly it worked with screenshots:
1. As you see in below screenshot, I have given email ID as [email protected] & name as Google.
2. I composed a mail & sent it to my gmail & Yahoo IDs
3. The mail got into my inbox in seconds:
I got this email in my gmail inbox & Yahoo! identified it as Spam. But in this email, no way you can find out it is sent by someone else & not Google. This means you can enter whatever you want in “Sender Options” of the software & send mails. You can enter your boss’s ID, your cousin’s, a bank’s…..whatever. I think you already realized how dangerous this could be. Without hacking anything, any password of email accounts you can use other’s email IDs (identity) for whatever kind of emails. But in gmail still there is a way to find out that is a fake email. When you open a mail in gmail, click “Show Details”. You can find “mailed by & “signed by” information there.
These two info is missing in emails which I sent using that software. But a very less people will look into these options. I am not a hacker & don’t know what’s happening in the background. But I think major email providers should have any algorithm to find out these kind of mails & should block them. Yahoo! even found it as spam, if recipient looks into spam folder & finds sender is known to him, he/she will definitely mark it as “Not a spam”.
Few more Screenshots
Since many of readers got confused with post, am posting more two screenshots. This time I enter my cousin’s email ID as sender & I will send a mail asking credit card details.
But my cousin is not aware of this email & sent using a software by anyone (here it’s me) And it can also be made such that reply to this mail could go to some other email ID. Gmail is also showing online/offline status of sender & his profile picture on mouse over!
Here my cousin could never know somebody sent a mail like this using his identity.
Aw! This post has become too lengthy.
Name & information of the software I used is not disclosed in article for security reasons.