Can I spoof email?

I mean, if I would have my own SMTP (also, is it just about money or are there some limitations to running my own SMTP server?) and would just completely made up the mail (headers, spoofed IPs and everything) and then sent the mail, would there by something to stop me?

Can spammers use the phone number being called as their spoof number?

I originally bought Tasker several (5?) years ago to screen calls by: 1) blocked name/number–hang up 2) not in my contact list
3) family 4) friends (in my contact list but not family or Professionals) 5) Professionals 6) Previously blocked callers With the last few days I’ve received calls which ring in as family and the number is apparently the same as the number being called. Have you experienced that and is there anything that Tasker can do about it?

Suspicious spoof message through contact form pretending to be one of our employees

Yesterday we received this email message through the contact form of our website from a russian server:

9th of April – SPOOF MESSAGE:

Name: John Surname: Smith EMail: pii-041570bf82880909f0aefee159d41349b9f2904e5bed6b48478e1a5473432277 Company: MyCompany Phone: 1178322276 Message: I'm testing the contact form, please ignore. IP Address: Hostname: Location: 55.7527,37.6172 Organization: AS42610 PJSC Rostelecom City: Moscow Region: Moscow Country: RU Postal: 109548 

The strange part is that 30 days earlier one of our employees indeed sent this message to test the form was working properly:

13th of March – REAL MESSAGE:

Name: John Surname: Smith EMail: Company: MyCompany Phone: 1178322276 Message: I'm testing the contact form, please ignore. IP Address: Hostname: Location: -27.4806,-58.8341 Organization: AS7908 BT LATAM Venezuela, S.A. City:  Region: Corrientes Country: AR Postal:  

As you see the spoof message has the exact name, surname, company, phone and text content of the real one. How could the spoof sender determine this information?

Our site is hosted at an external hosting provider, and we are using PHPMailer, an Office365 account to send the message, and to get the sender information.

Thanks in advance!

How traffic exchange sites spoof http_referer (blank referer)


I am working on one project that's similar to traffic exchange or ptc site (but not 100% ptc or traffic exchange site). Where people will open sites like ptc or traffic exchange sites but problem is my site url is being forwarded as referral url for opened sites.

Many traffic exchange sites offer to hide http_referer. I want to know how they do this so I may add this function in my script. This method should work for all browsers.

Help me please.


DNS Spoof Adware

Someone recently boasted about adware which can inject ads from most networks, and using dns spoofing would make the providers think that the ads were on a website owned by me (i.e., while the ads are actually on a normal website (i.e. This sounds dubious to me, because most websites these days use https to prevent dns spoofing.

My questions:

  • Could this method work on http sites
  • Could this method work on https sites (somehow?)

I know the ISP’s did it to routers years ago, but that was before https. Anyways, thanks for your help, and have a good day!

What are the consequences if I spoof an IP address in the node_announcment message?

According to BOLT 07 the node accountment message looks like this:

  1. type: 257 (node_announcement)
  2. data:
    • [64:signature]
    • [2:flen]
    • [flen:features]
    • [4:timestamp]
    • [33:node_id]
    • [3:rgb_color]
    • [32:alias]
    • [2:addrlen]
    • [addrlen:addresses]

where the addresses are of the following form:

  • The following address descriptor types are defined:
    • 1: ipv4; data = [4:ipv4_addr][2:port] (length 6)
    • 2: ipv6; data = [16:ipv6_addr][2:port] (length 18)
    • 3: Tor v2 onion service; data = [10:onion_addr][2:port] (length 12)
      • version 2 onion service addresses; Encodes an 80-bit, truncated SHA-1 hash of a 1024-bit RSA public key for the onion service (a.k.a. Tor hidden service).
    • 4: Tor v3 onion service; data = [35:onion_addr][2:port] (length 37)
      • version 3 (prop224) onion service addresses; Encodes: [32:32_byte_ed25519_pubkey] || [2:checksum] || [1:version], where checksum = sha3(".onion checksum" | pubkey || version)[:2].

taking this into consideration I could announce my node to have the IP address of another existing lightning node or even some arbitrary IP address. While it is clear that no one could connect to me as I don’t control the IP address I wonder how the implementations would cope with such a behavior.

Even if implementations do not struggle with such spoofing an attacker could probably use this for fishing to trick a user into paying an invoice as it comes from a node_id that is connected to an IP-address from a well known service where the attacked person might even be a customer.

Is there anything else that could go wrong with such a spoofing behavior? Maybe there would even be benefits from it?

Can an attacker spoof content provider, backup manager or wallpaper manager in Android?

We need backup of SMS, Apps, device settings, wallpaper and contact of the device through our designed app.

So, Is it possible for an attacker to Spoof, tamper, Impersonate source data (SMS, device setting, contacts etc) though wallpaper manager, content provider, backup manager?