General Question

intro24's avatar

Can I (legally) do this with email?

Asked by intro24 (1434points) November 19th, 2014

Hi all, long time no see but good to be back on Fluther. I asked Reddit too so let’s see which community can stir up the better discussion.

Cause laws are tricky, I’m wondering the legal extent of email spoofing, which is making an email appear to come from an email address that I do not control. Particularly if that email address isn’t real. I’m in Indiana if it matters. Examples:

Example 1: I have a company and I want to email people on my subscription list. Say I own the domain mycompany.com but I don’t want to pay for email hosting (ex. noreply@mycompany.com). Since I control the domain and I don’t have any need to see my inbox it would make sense to spoof the email. Is it legal?

Example 2: I attend University X and I want to send some students a link to a survey but I don’t want to use my personal university email. Ignoring spamming concerns and university policy, could I legally spoof survey@x.edu if I know it isn’t already in use by the university? What if it is in use? What if I wanted to survey a different university than the one I attend?

Example 3: I’m planning an event for a friend. He doesn’t want to give me his email credentials but I need to send out the invites via his email. He gives me permission to spoof his personal email address for the sake of convenience. Can I do this legally?

Additionally, are these laws set by the state or federal government? At what point is email spoofing considered identity theft?

Observing members: 0 Composing members: 0

5 Answers

CWOTUS's avatar

Welcome (back) to Fluther.

I don’t know the laws about spoofing, but I would reckon that some will be coming along someday, if they don’t exist already.

While I’m sure that you don’t intend to defraud or threaten anyone (right?), then as long as the action that you’re taking is not inherently illegal, then the major risk is not a legal one, but a business / reputation issue. That is, people who find out that they’re being spoofed – and it’s not going to be an insignificant number of people – are going to wonder why this is happening. They’ll be apt to regard you as untrustworthy and that reputation is hard to get back.

I think you’d be on better ethical / reputational ground (and certainly unassailable from a legal perspective) if you send the email through a more regular route / method, and handle unwanted replies administratively or via filters on your email client. Better to be completely honest and aboveboard – if that’s your intent, anyway – than it would be to sow doubt in the minds of your receivers.

Technically, I don’t know how to spoof email addresses; it hasn’t been an interest of mine. I understand that the process isn’t difficult to learn or do, but I’ve had no desire to learn it or do it. It might be an interesting intellectual / technical process to play with, but I’ve got other things that interest me more.

janbb's avatar

Why not just create a new but valid e-mail address for that purpose only? I must be missing something here.

SavoirFaire's avatar

Email spoofing is only illegal when it constitutes fraud. Even the states with laws that explicitly discuss email spoofing categorize it as a form of fraud, so that is the relevant issue here.

Your first and third cases are both legal because you have the explicit permission of the domain or address holder (yourself in the first case, another person in the third). In fact, scenario three happens every time any sort of assistant sends out an email on behalf of their boss (think about emails that are presented as coming from your senator or from the president).

Your second case is much more likely to get you into trouble, however, because you would need the permission of the university in order to use an email address linked to their domain. It is also likely that you would need permission to send out a mass email on their servers.

dabbler's avatar

case 1) how are you actually going to send the email if you aren’t using your email host?

I think @SavoirFaire‘s analysis is correct, the first and third cases are no problem since you have the permission of the email address owner.
The second case is pretty iffy.

chewhorse's avatar

Yes, the problem in all cases is being able to use an email address that’s active.. bogus inactive emails won’t cut it.. There are sites on the net that offers bogus email addresses that’s active for approx. 10 minutes, used primiraly on sites that offer perks so long as you first sign-up thus these addresses allow you access anonymously without revealing this to them. The point is it generates an address at any time so to reverse this use can be done.. How legal it is (using it in the way you describe) I have no idea but it can be done in this manner.

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther