Questões de Concurso Público TCE-SP 2015 para Agente da Fiscalização Financeira - Infraestrutura de TI e Segurança da Informação
Foi encontrada 1 questão
E-mail Spoofing
E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. However, spoofing anyone other than yourself is illegal in some jurisdictions.
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension (specified in IETF RFC 2554) allows an SMTP client to negotiate a security level with a mail
server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that
appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.
Although most spoofed e-mail falls into the “nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed e-mail may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information – any of which can be used for a variety of criminal purposes. One type of e-mail spoofing, self- sending spam, involves messages that appear to be both to and from the recipient.
(http://searchsecurity.techtarget.com/definition/em.... Adaptado)