Differences
This shows you the differences between two versions of the page.
public:emai:malware [2021-10-20 09:03] – vesely | public:emai:malware [2021-10-21 13:52] – vesely | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Dealing with malware, spam, suspicious content ====== | ====== Dealing with malware, spam, suspicious content ====== | ||
- | [[: | + | <faicon fa fa-hand-o-right> |
---- | ---- | ||
Line 47: | Line 47: | ||
* [[: | * [[: | ||
* [[: | * [[: | ||
+ | |||
+ | ===== Possible Spoof ===== | ||
+ | |||
+ | //Added subject tag: **[IPt: | ||
+ | |||
+ | see [[https:// | ||
+ | |||
+ | Email spoofing is the creation of email messages with a forged sender address. | ||
+ | |||
+ | It usually happens when a sender uses different email address in " | ||
+ | |||
+ | **Legacy " | ||
+ | |||
+ | **Malicious use of spoofing** | ||
+ | |||
+ | **Example of spoof email:** | ||
+ | |||
+ | MAIL FROM: **johndoe2< | ||
+ | From: **john.doe< | ||
+ | To: **jane.dow< | ||
+ | |||
+ | Such email is suspicious. Some user with an account at Gmail (johndoe2@gmail.com) set his profile to use institutional email address (john.doe@cerge-ei.cz). \\ | ||
+ | Problem is that such email is not sent (hence authorised) by cerge-ei.cz email server but it is sent by some third party server(google server in this case). | ||
===== SPF ===== | ===== SPF ===== | ||
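Review bot: In the explanation added under the example headers, "is not sent (hence authorised) by cerge-ei.cz email server" can be read as saying the message is authorised, which is the opposite of the point. Reword it along the lines of "is not sent by, and therefore not authorised by, the cerge-ei.cz email server", and add the missing space in "server(google server". The earlier added sentence also needs an article: "uses a different email address".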
Line 128: | Line 151: | ||
===== Reputation databases - Blacklists ===== | ===== Reputation databases - Blacklists ===== | ||
+ | |||
+ | ==== IP reputation ==== | ||
+ | |||
+ | //Added subject tag: **[IP reputation] ** // | ||
+ | |||
+ | //More problematic IPs are also taged with **[!]** | ||
+ | |||
+ | **Bad IP reputation** | ||
+ | |||
+ | IP reputation may be checked here: [[https:// | ||
+ | |||
+ | It is responsibility of the sender to have ' | ||
+ | |||
+ | In case there is involved dynamically assigned address from a service provider (like Vodafone, T-mobile, O2, UPC …) the sender' | ||
==== IP reputation database - DNSBL ==== | ==== IP reputation database - DNSBL ==== | ||
- | //Added subject tag: [IP reputation - DNSBL listed]// | + | //Added subject tag: **[IP reputation - DNSBL listed]** // |
see: [[https:// | see: [[https:// | ||
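Review bot: The added line "More problematic IPs are also taged with **[!]**", as shown, does not say what makes an IP "more problematic", so a reader who sees [!] in a subject line cannot tell what it means or how to react. State the criterion next to the marker. In the same added block, fix "taged" to "tagged" and "It is responsibility of the sender" to "It is the responsibility of the sender".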
Line 141: | Line 178: | ||
==== IP reputation database - SURBL ==== | ==== IP reputation database - SURBL ==== | ||
- | //Added subject tag: [IP reputation - SURBL listed]// | + | //Added subject tag: **[IP reputation - SURBL listed]** // |
see: [[http:// | see: [[http:// | ||
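Review bot: The tag on the changed line, "[IP reputation - SURBL listed]", and the heading above it present SURBL as an IP reputation database, while the page's own description just below says SURBLs list web sites that appeared in unsolicited messages and are not lists of message senders. Since this line is being edited anyway, either rename the heading to match that description or, if the tag string is fixed by the mail filter, add a sentence explaining that the tag refers to links in the message body rather than the sending IP.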
Line 147: | Line 184: | ||
SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders | SURBLs are lists of web sites that have appeared in unsolicited messages. Unlike most lists, SURBLs are not lists of message senders | ||
- | ===== IP reputation | + | ==== |
- | + | ||
- | //Added subject tag: **[IP reputation] ** // | + | |
- | + | ||
- | //More problematic IPs are also taged with **[!]** | + | |
- | + | ||
- | **Bad IP reputation** | + | |
- | + | ||
- | IP reputation may be checked here: [[https:// | + | |
- | + | ||
- | It is responsibility of the sender to have ' | + | |
- | + | ||
- | In case there is involved dynamically assigned address from a service provider (like Vodafone, T-mobile, O2, UPC …) the sender' | + | |
===== Newsletter ===== | ===== Newsletter ===== |