The sender of a racist email attacking Independent MP Kerryn Phelps has embedded a Liberal candidate's name in the email's metadata, in what the party said was clearly an attempted smear campaign against their candidate.

Key points: Experts said the metadata of an email being circulated about Wentworth MP Kerryn Phelps was likely manipulated

Experts said the metadata of an email being circulated about Wentworth MP Kerryn Phelps was likely manipulated The email falsely linked Dr Phelps with vaccination rates in the Jewish community and was peppered with errors

The email falsely linked Dr Phelps with vaccination rates in the Jewish community and was peppered with errors The metadata used the name "Livingston Chettipally", which is the name of a Liberal candidate, but he denied any link

The email clumsily outlined racist and anti-Semitic views, falsely linked Dr Phelps to vaccination rates in the Jewish community, was peppered with strange spelling and grammatical errors — and had likely had its metadata doctored, experts said.

It was sent to people around Australia with the subject line "we intend to cancel the booking due to measles outbreak", and urged voters to only support candidates of Indian heritage or Dave Sharma, who is running in the seat of Wentworth.

Social worker and father of two Livingston Chettipally is running as the Liberal candidate in the safe Labor seat of Chifley.

The name Livingston Chettipally was embedded in the metadata attached to the email, but experts said it was likely to have been inserted there intentionally.

The ABC is not suggesting Mr Chettipally or his campaign is linked to the emails or was responsible for sending them.

Mr Chettipally declined an interview request, but a spokeswoman for the NSW Liberal Party said it was "clearly an attempted smear campaign against him", and that he rejected any attempts to link him to the extremist views found in the email.

"[Mr Chettipally] has devoted himself to community and social services and is now running for the seat of Chifley — he is wholly unconnected to the campaign in Wentworth," the statement said.

"The metadata has clearly been altered to incriminate Mr Chettipally and it is unreasonable to seek his response in those circumstances."

Do you know more about this story? Email investigations@abc.net.au

Both Liberal candidate for Wentworth Dave Sharma and Kerryn Phelps have reported the email to the Australian Federal Police (AFP) citing concerns about its offensive content, which the ABC has chosen not to reproduce.

Mr Sharma has said he believed the email could be the work of white supremacists.

It appears to be the latest in a string of strange emails sent to Australian email addresses in the past 12 months, using similar language and structure and attacking various ethnicities while awkwardly praising people of Indian descent.

During the Wentworth by-election in October, a similar email was circulated falsely claiming Dr Phelps was withdrawing from the race because she had HIV, and urging people to vote for Mr Sharma.

The ABC also does not suggest Mr Sharma or anyone involved with his campaign is behind the email.

The AFP told the ABC it had previously closed an investigation into the October email after finding "insufficient evidence to pursue an investigation".

That email, and others which shared the same language and structure that were seen by the ABC, did not contain the name Chettipally in the attached metadata.

Real sender concealed through multiple IPs

Cybersecurity expert Peter Hannay said the email header, where Mr Chettipally's name appeared in the email's metadata, was very easy to manipulate.

"Certainly spoofing email in that way isn't difficult, anyone with a first-year computer science education could do it," Dr Hannay said.

"So certainly a conscious decision [has been] made by the person who is responsible for all these emails going out."

The IP address of the sender was re-routed through a system of international servers located in France and the Netherlands.

The email was doctored to display fake return addresses in the recipient's inbox.

"Whoever was sending the emails made a conscious effort to ensure that they were sent through a particular provider ... it does show that they're engaging in a conscious effort to conceal the origin of those emails," Dr Hannay said.

Dr Hannay said Australian email addresses could be targeted because people's information was leaked after major providers were hacked, and their data was made available on the web.

"Really anyone who wants to get a hold of these things can find them without too much trouble," Dr Hannay said.

"And from there [they can] acquire millions of email addresses.

"From that they could then filter down to addresses ending in .au or, if it's a database that happens to include the address of people, they could target people in certain states."

Dr Hannay said the latest email was structurally very similar to other spam emails that were sent out as early as March last year.

Many of these emails exhorted local employers to only hire people of ethnically Indian origin, and spoke offensively about other races.

Some recipients, who posted the email's text to online message board Reddit, said they thought it was someone trying to stir up hatred of Indian people in Australia.

"As a non-native English speaker it doesn't sound like someone [whose] second language is English," one person posted.

"Some parts the writing is very natural and the typos/mistakes almost seem deliberate, that non-natives generally don't make."

Aussie domains targeted and spoofed

The email was made to appear as if it was sent from a variety of .com.au domains, which is the information that appears after the "@" symbol.

Cameron Boardman, the chief executive of .au Domain Administration Ltd (AUDA), which controls the registration of websites that end in ".au", said he believed "all of the emails almost certainly are 'spoofed'", or use a forged email address.

After reviewing some of the emails, AUDA suggested many of the sender addresses had been randomly machine-generated, as several domains do not even exist in the .au registry.

Marc Altshuler, a digital producer in Sydney, owns one of the domains associated with the scam email.

He made clear he had nothing to do with the email campaign and described the incident as "very concerning", particularly as he has Jewish family members.

"If my family or friends saw that that domain was being associated with any sort of anti-Semitism, that's terrible," he said.

Security experts said it was relatively simple to use online tools and "spoof" the address an email is sent from — in other words, create a fake address to mask the sender's true identity.

Mr Altshuler said he was worried an impersonator could damage the reputation of his business by making it look as if his domain had sent the email.

Another domain owner, who didn't want to be named, had the same concerns.

The Sydney man said he had several such websites for sale, and had no idea why his address had been mimicked in this way.

"If it gets hammered in the wrong way out there, if might affect a future owner, a potential buyer," he said.

AUDA's Mr Boardman said such email scams were common worldwide, and despite anti-spam efforts, they would be difficult to completely eradicate.

"Consumers have to be ever-vigilant with managing their inboxes," he said.