Differences
This shows you the differences between two versions of the page.
public:emai:malware [2021-10-20 09:05] – vesely | public:emai:malware [2021-11-19 08:13] – [Suspicious content (HTML links, docs)] vesely | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Dealing with malware, spam, suspicious content ====== | ====== Dealing with malware, spam, suspicious content ====== | ||
- | [[: | + | <faicon fa fa-hand-o-right> |
---- | ---- | ||
Line 47: | Line 47: | ||
* [[: | * [[: | ||
* [[: | * [[: | ||
+ | |||
+ | ===== Possible Spoof ===== | ||
+ | |||
+ | //Added subject tag: **[IPt: | ||
+ | |||
+ | see [[https:// | ||
+ | |||
+ | Email spoofing is the creation of email messages with a forged sender address. | ||
+ | |||
+ | It usually happens when a sender uses different email address in " | ||
+ | |||
+ | **Legacy " | ||
+ | |||
+ | **Malicious use of spoofing** | ||
+ | |||
+ | **Example of spoof email:** | ||
+ | |||
+ | MAIL FROM: **johndoe2< | ||
+ | From: **john.doe< | ||
+ | To: **jane.dow< | ||
+ | |||
+ | Such email is suspicious. Some user with an account at Gmail (johndoe2@gmail.com) set his profile to use institutional email address (john.doe@cerge-ei.cz). \\ | ||
+ | Problem is that such email is not sent (hence authorised) by cerge-ei.cz email server but it is sent by some third party server(google server in this case). | ||
===== SPF ===== | ===== SPF ===== | ||
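Review bot: In the explanation under the example, "is not sent (hence authorised) by cerge-ei.cz email server" reads as if the message were authorised, which is the opposite of what the paragraph argues. Suggest "is not sent by, and therefore not authorised by, the cerge-ei.cz email server". The same two lines need small wording fixes: "set his profile to use the institutional email address", "The problem is that", and a space in "server (a Google server in this case)"; the earlier added line also needs an article, "uses a different email address". Please also check whether "jane.dow" in the To: line is meant to be "jane.doe", to match the John Doe naming used in the other two lines of the example.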
Line 145: | Line 168: | ||
==== IP reputation database - DNSBL ==== | ==== IP reputation database - DNSBL ==== | ||
- | //Added subject tag: [IP reputation - DNSBL listed]// | + | //Added subject tag: **[IP reputation - DNSBL listed]** // |
see: [[https:// | see: [[https:// | ||
Line 155: | Line 178: | ||
==== IP reputation database - SURBL ==== | ==== IP reputation database - SURBL ==== | ||
- | //Added subject tag: [IP reputation - SURBL listed]// | + | //Added subject tag: **[IP reputation - SURBL listed]** // |
see: [[http:// | see: [[http:// | ||
Line 195: | Line 218: | ||
===== Suspicious ===== | ===== Suspicious ===== | ||
- | ==== Suspicious content (HTML links, docs) ==== | + | ==== Suspicious content (HTML links, docs, macro) ==== |
//Added subject tag: **[Suspicious]** // | //Added subject tag: **[Suspicious]** // |
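Review bot: In the renamed heading "Suspicious content (HTML links, docs, macro)", "macro" is singular while "links" and "docs" are plural; "macros" would match the rest of the list. DokuWiki derives section anchors from the heading text, so this rename changes the anchor, and any links that point at the old "Suspicious content (HTML links, docs)" section should be checked and updated.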