E-mail - Protect Yourself
Email security can be a real concern for a lot of people. One of the biggest issues is making sure that the only person able to read the e-mail you sent, is the person you intended to read it. Another issue is making sure that an email you received is valid, and not an impersonator.
Checking Headers
I mentioned in the Send Fake E-mail’s article that while you can obviously send fake e-mail’s, they can still be back tracked via the e-mail header. What happens is, when you send out an e-mail, the SMTP server that receives your e-mail (to deliver it to the user you sent the e-mail to), it keeps track of the IP address or hostname of who sent the request. So inside the e-mail header, is the IP or hostname of your server (or whereever you sent the e-mail from). That’s why sending fake e-mail’s to friends who will get a laugh out of it isn’t no big deal, but doing anything criminal will get you easily caught.
So now let me show you what a sample header looks like in case you want to protect yourself sometimes when you think an e-mail you received seems a bit fishy and you want to verify the source.
Received: from [your_servers_ip_address] by yoursmtpserverhostname.com via HTTP; Mon, 30 Apr 2012 23:38:24 PDT
Date: Mon, 30 Apr 2012 23:38:24 -0700 (PDT)
From: Bill Gates <billgates@microsoft.com>
Reply-To: Bill Gates<billgates@microsoft.com>
Subject: I want to hire you!
To: “victim@yahoo.com” <victim@yahoo.com>
I stripped out some of the unimportant stuff, but as you can see from the above example that even though the e-mail address looks correct (the yellow text), the IP address and hostname the message was sent by is shown (in the red). Meaning, let’s say you impersonated someone. If they found out you did, they could simply refer back to this and see your server. And even if it’s not your home server, they can contact the hosting company you used and bust you through that. But now you understand what possibilities you have available at your disposable to protect yourself.
Basically, you can see what server sent an e-mail if you are worried about it’s authenticity, as well as being able to figure out who tricked you if someone were to pull a scam on you of some sort. That doesn’t mean it’ll be easy to find out exactly who it is and prosecute them, but you’ll have a much better chance. This isn’t an end all be all solution to e-mail security, but is one method in the toolbox.
Encryption (GPG)
GPG is a common way to encrypt things, especially things like E-mail messages. Follow along with the tutorial below if you want to learn how to send encrypted messages and files. But before you do so, go download GPG4Win here.