Warning added to message after writing:-
I am not sure if it is still possible to inject un-authenticated email into the internet now. Looking at the headers of a gmail to gmail message I recently received I observe many Authentication and signature fields with which I am not familiar.
Things seem to have changed over the last 10 years.
In the case of one particular mail we have:-
ARC-Seal:
ARC-Message-Signature:
ARC-Authentication-Results:
Authentication-Results:
DKIM-Signature:
Which appear to be associated with a cryptographic message authentication system.
I am still assuming that sender spoofing is possible and I try to take appropriate care with all received emails.
Originally Posted by wrmiles:
I have been getting similar e-mails, but looking closely at the actual sender's e-mail address, they are not coming from linkedin.
Please remember that "the actual sender's e-mail address" is of course NOT the address of the actual sender.
The "From:" field in an email is exactly as secure as a "Return Address" on the back of an envelope. The sender can put anything at all they like in it.
You can't do this with gmail but if you have your own mail server you might be able to sort it out.
You can be pretty sure of an email's entry point into the White world if you trace back the hops as recorded in the header. Of course someone in the Black world can add arbitrary fake hops to the mail before sending it so you can only reliably trace back to the first "untrusted" server listed.
Any large email service provider will have for many years now been trying to filter rubbish but anyone can mount their own server and there are bound to be ways of getting stuff into the White world.
In the gmail web interface you can view the raw headers with "Show Original".
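The hop tracing described in the post above, as an added example that is not part of the original post: it reads the Received headers newest-first and stops at the first hop where a server you control recorded a peer outside your own network, treating everything older as unverifiable. The message, host names and IP addresses are constructed, and trace_entry_point, TRUSTED_BY and TRUSTED_IPS are hypothetical names.

```python
import re
from email import message_from_string

# Constructed sample: every host name and address below is invented.
RAW = """\
Received: from edge.myhost.example (edge.myhost.example [10.0.0.5])
 by mail.myhost.example with ESMTP id a1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mx.example.net (unknown [203.0.113.7])
 by edge.myhost.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from smtp.linkedin.example (smtp.linkedin.example [198.51.100.9])
 by mx.example.net with ESMTP id c3; Mon, 1 Jan 2024 10:00:01 +0000
From: LinkedIn <messages@linkedin.example>
Subject: You have a new invitation

body
"""

# Assumption: these are the servers you run and the relay addresses between them.
TRUSTED_BY = {"mail.myhost.example", "edge.myhost.example"}
TRUSTED_IPS = {"10.0.0.5"}

# from <claimed name> (<reverse DNS or "unknown"> [<peer IP>]) by <recording server>
HOP = re.compile(r"from (\S+) \([^)]*\[([^\]]+)\]\) by (\S+)")

def trace_entry_point(raw, trusted_by, trusted_ips):
    """Return (entry_point, unverifiable_hops) for a raw message.

    Headers are prepended in transit, so the first Received header is the newest.
    A hop counts only if one of our servers wrote it; the first such hop whose peer
    IP is not ours is where the mail entered. Anything below it was supplied by the
    sending side and may be fabricated, including lines naming our own servers.
    """
    hops = [" ".join(h.split()) for h in message_from_string(raw).get_all("Received", [])]
    for i, hop in enumerate(hops):
        m = HOP.search(hop)
        if not m or m.group(3).lower() not in trusted_by:
            return None, hops[i:]  # chain left our servers without a recorded outside peer
        if m.group(2) not in trusted_ips:
            entry = {"claimed_name": m.group(1), "ip": m.group(2), "recorded_by": m.group(3)}
            return entry, hops[i + 1:]
    return None, []

if __name__ == "__main__":
    entry, unverifiable = trace_entry_point(RAW, TRUSTED_BY, TRUSTED_IPS)
    print("entry point:", entry)
    print("unverifiable hops:", len(unverifiable))
```

The peer IP is the part of the boundary hop worth acting on; the claimed name next to it is whatever the connecting host announced.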