T 5.73 Impersonation of wrong sender
It is relatively easy to specify a false sender when sending an email: when SMTP-based email is forwarded, usually only the destination address is checked, while the origin of the email is not verified at all. Furthermore, many email clients allow any sender information to be entered. This may result in damage if the recipient considers the information contained in the email authentic and binding.
Examples:
- The majority of the numerous spam emails filling users' mailboxes on a daily basis carry a forged sender address.
- Some of the email worms that have been circulating on the Internet for several years use, as the sender address, an address taken from the email address book of the user whose email program they have just infected. This way, the next victims receive an email containing the worm from a known email address and are therefore more likely to open the email or even the infected attachment.
- Many commonly used email programs can easily be used to submit an email with forged sender information to the email server without a password being verified. In the absence of user authentication, an email sent this way may be marked "Unverified" in the "X-Sender" field. However, experience shows that most recipients do not notice this, since most email programs do not display these fields in their default configuration.
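
The header fields that email programs hide by default can be checked automatically on the receiving side. The following Python sketch is an added example, not part of the original catalogue text; the sample messages are constructed, and it assumes the receiving server has recorded the envelope sender in the standard Return-Path field.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic).
FORGED = """\
Return-Path: <bulk@mailer.example.net>
X-Sender: bulk@mailer.example.net (Unverified)
From: "Accounts Dept" <accounts@example.org>
To: user@example.com
Subject: Invoice

See attachment.
"""

CLEAN = """\
Return-Path: <alice@example.org>
From: Alice <alice@example.org>
To: user@example.com
Subject: Minutes

Attached.
"""

def _domain(value):
    """Return the lower-cased domain of an address header, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw):
    """List sender-related inconsistencies found in one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = _domain(msg.get("From"))
    if not from_dom:
        findings.append("From header missing or unparsable")
    # X-Sender is the field named in the text; clients rarely display it.
    for value in msg.get_all("X-Sender", []):
        if "unverified" in value.lower():
            findings.append("X-Sender marked unverified: " + value.strip())
    # Assumption: Return-Path holds the envelope sender seen at delivery.
    env_dom = _domain(msg.get("Return-Path"))
    if from_dom and env_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    return findings
```

A finding is a reason to inspect the message, not proof of forgery: mailing lists and bulk mail services legitimately use an envelope sender that differs from the displayed From address.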