Hi,
I will tell you my own story and experience with email spoofing. Two years ago I was setting up an intranet with a DSL connection for a hotel. The hotel owner didn't want to spend much on programming security, so he told me to leave the mail server as an open relay ... because there was a proxy (squid) in between, he felt that ACL rules would suffice. Well, a week after that someone was spoofing their domain. I noticed it because the name of the hotel domain was in between < "..." > and the real IP was masqueraded.
I traced the IPs and they were all originating from proxies. Then after that he received 200,000 spoofed emails, so I convinced him to add a firewall and close the sendmail commands for open relay ...
Today I had another nasty experience. I was checking my own mail from my own domain and I got a mail from 'admin' telling me my email account is expiring. Really weird, because I control the email accounts. This is the first time it has happened to me, so I decided to change the password immediately. But I really want to know what kind of technique they used in order to do that. Since I don't control the mail server rules (my host provider does), I don't know where the security flaw might be and how to prevent this in the future.
Thank you,
Rick Fitzgerald
CEO
Outlet Season LLC
http://www.outletseason.com