Is email spoofing an acceptable practice? [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

This question does not appear to be about programming within the scope defined in the help center.

Closed 8 years ago.

Improve this question

My server needs to send emails on the behalf of my client, and the client wants this email to at least appear to originate from them.

The easy way is to just spoof the From address. The hard way is to get the client's username and password, and actually send from that account.

My questions are:

1. Will spoofed email trigger spam filters? (In my test, Apple Mail did not think it was spam.)

2. Is this considered a bad practice, or unethical, or in any way frowned upon?

The emails are going out only to people who have specifically and explicitly requested the email, and it will likely be a small number of people (less than one per day). We are not sending out spam at all.

Because this is an important client, I don't want to do anything that would reflect negatively on them (or myself).

Thanks. Hope this isn't too subjective.

Answer 1

Email spoofing is not completely preventable, since the basic protocols from email exchange don't verify anything.

This might help you decide: http://en.wikipedia.org/wiki/Email_spoofing

Which says historically: In the early Internet, "legitimately spoofed" email was common. For example, a visiting user might use the local organization's SMTP server to send email from the user's foreign address. Since most servers were configured as "open relays", this was a common practice. As spam email became an annoying problem, these sorts of "legitimate" uses fell out of favor.

I would think it is acceptable as long as the message is spoofed to a return address you would like people to respond to.

However, it would be more standard and appropriate to use email/pass. I suppose it depends on how difficult this would be in your situation, but if reasonably able, don't spoof.

You said: The emails are going out only to people who have specifically and explicitly requested the email, and it will likely be a small number of people (less than one per day).

If the email contents have perhaps a small footnote, I don't think it would be terrible. I have seen similar things from many companies. It's your decision.