A spoof email is one that claims to come from one email address but actually comes from a completely different one. How can this happen?
There are two main sources of spoof:
1) An email worm. These mass mailing worms serve no purpose other than to show that their writer can clog up the internet and show off their (so called) abilities. The worm accesses the address book on an infected computer. It then sends emails (and copies of itself) to each address in the book. The trick is it uses one address to send the email to and another address to claim to be the sender. So the recipient receives a worm-ridden email that appears to come from a given email address. It doesn't. All you can tell from looking at the email is that it came from a computer whose address book contained both your email address and the apparent sender's address.
These worms are the cause of all those emails you've received as undeliverable that were sent to addresses you've never heard of. They simply show that the owner of the originating computer a) doesn't keep their address book up to date, and b) doesn't have effective anti-virus software installed
2) Phishing emails. Usually the sort that tell you that your bank is updating their software or has magically lost your details and needs you to enter all of them, sometimes including your credit card number please! There is usually a link to click that will take you to an imitation of the bank's website. But wait - look at the address bar of your web browser. Does that really look like the address of the Lloyds bank website: http://ww.bumisaranautama.com/lololo/www.lloydstsb.c om. Probably not.
Prevention of email spoofing is hard. The sort that are spread by worms can be easily prevented by making sure that your computer has effective antivirus software installed and that it is updating itself regularly. Omitting to renew your subscription and having a virus database that is 376 days old wont help you. Your antivirus software is only as good as the last time you updated it. New nasties appear every day.
Phishing emails can't be prevented by the average user. Keep your wits about you and if you are at all suspicious, and the email claims to come from your own bank, phone them. They wont mind, I know, I've done it.
