1

I just received a mail from my boss saying someone with my mail has sent some request for money. It is kinda serious and I know it is easy to spoof a mail, but the mail is myname@mycompany.com. So my question is, does the one spoofing the mail have to have the @mycompany.com user name and password?

TLDR: if someone mimics my company mail, does he need to be part of the company to do so? Does he need a company mail?

Thank you for reading.

AlCode

1 Answer

1

TLDR: if someone mimics my company mail, does he need to be part of the company to do so? Does he need a company mail?

Maybe.

The question is, is your company mail server configured to reject mail coming in from the outside with From: addresses containing @mycompany.com? If so, then the attacker needs to be on your company network to spoof email from your boss to you. If not, then anyone can send that email and tack your boss's name on it.

The more common case is that mail servers are permissive, and do not block email from the outside with a "local" From: address.

You can look at the Received: headers to see what path the mail took to you (bearing in mind the attacker can prepend fake ones, but those starting with your mail server are generally reliable.)

gowenfawr
  • Thank you very much, this is an answer I needed. Since we allow external access and our mail is hosted at Gmail, can the Gmail admin see the Received headers? – AlCode Nov 24 '15 at 15:49
  • 2
    Anyone who can see the email can see the full headers; you don't need to be an admin. In the Gmail web interface, pull down the arrow at the top right and select "Show original". – Mike Scott Nov 24 '15 at 15:56
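
The Received: check from the answer, as an added example that is not part of the original answer or comments: it walks the headers newest-first, trusts only the stamps written by your own mail server, and reports the outside host that handed the message in. The hostnames, IPs, sample message and function names are constructed for illustration; replace `our_servers` and `our_ips` with your own values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (as copied from "Show original"); all names and IPs are made up.
# The bottom Received: line is a fake one the sender added before handing the mail over.
RAW = """\
Received: by mx.mycompany.example with SMTP id abc123;
 Tue, 24 Nov 2015 15:40:02 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
 by mx.mycompany.example with ESMTP id def456;
 Tue, 24 Nov 2015 15:40:01 +0000
Received: from mx.mycompany.example (mx.mycompany.example [192.0.2.10])
 by mail.sender.example with ESMTP;
 Tue, 24 Nov 2015 15:39:00 +0000
From: Boss <boss@mycompany.example>
To: me@mycompany.example
Subject: Urgent payment

Please wire the money today.
"""

BY = re.compile(r"\bby\s+([\w.-]+)", re.I)
FROM = re.compile(r"^from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\]", re.I)

def entry_hop(raw, our_servers, our_ips):
    """Return (helo_name, ip) of the outside host that handed the mail to us, or None."""
    for hdr in message_from_string(raw).get_all("Received", []):  # newest first
        hdr = " ".join(hdr.split())            # unfold continuation lines
        by = BY.search(hdr)
        if not by or by.group(1).lower() not in our_servers:
            return None                        # chain of our own stamps ended
        frm = FROM.match(hdr)
        if frm and frm.group(2) not in our_ips:
            return frm.group(1), frm.group(2)  # IP was recorded by our server
    return None

def local_from_via_outside(raw, our_servers, our_ips, local_domain):
    """True when From: claims our domain but the mail entered from an outside host."""
    addr = parseaddr(message_from_string(raw)["From"])[1]
    claims_local = addr.lower().endswith("@" + local_domain)
    return claims_local and entry_hop(raw, our_servers, our_ips) is not None
```

The decision uses the bracketed IP rather than the name after `from`, because that name is whatever the sending host announced, while the IP is what your own server observed.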