public:emai:malware, revision 2021-10-21 13:51 (vesely), compared against revision 2021-10-21 12:55 (vesely)
====== Dealing with malware, spam, suspicious content ======

<faicon fa fa-hand-o-right> [[:public:emai:malware#monitoring_and_filtering_agenda|Skip right to mail filtering agenda paragraph]]

----
  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font> - Some spammers conceal spam text as an image or PDF document.
  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font> - Deepheader analysis examines the entire message header for spam characteristics.

===== Possible Spoof =====

//Added subject tag: **[IPt:Possible Spoof]** //

see [[https://en.wikipedia.org/wiki/Email_spoofing|https://en.wikipedia.org/wiki/Email_spoofing]]

Email spoofing is the creation of email messages with a forged sender address.

It usually shows up as a message whose "From:" header carries a different email address than the envelope sender address (MAIL FROM:).

**Legacy "legitimate use"** - In the early Internet, "legitimately spoofed" email was common. For example, a visiting user might use the local organization's SMTP server to send email from the user's foreign address. Since most servers were configured as "open relays", this was a common practice. As spam email became an annoying problem, these sorts of "legitimate" uses fell out of favor.

**Malicious use of spoofing** - Phishing and business email compromise scams generally involve an element of email spoofing. Email spoofing has been responsible for public incidents with serious business and financial consequences.

Example of spoof email:

MAIL FROM: **johndoe2<font inherit/inherit;;#2980b9;;inherit>@gmail.com</font>** \\
From: **john.doe<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>** \\
To: **jane.dow<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>**

Such an email is suspicious. A user with an account at Gmail (johndoe2@gmail.com) has set his profile to send as the institutional email address (john.doe@cerge-ei.cz). \\
The problem is that such an email is not sent (and therefore not authorised) by the cerge-ei.cz email server; it is sent by a third-party server (a Google server in this case).
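The envelope-versus-header comparison behind the tag above, written out as an added Python example (not code from the original page or from its mail filter); it assumes cerge-ei.cz as the local domain and uses the subject tag shown above:

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed local domain (taken from the page's example) and the page's subject tag;
# a real filter would read these from its configuration.
LOCAL_DOMAIN = "cerge-ei.cz"
SPOOF_TAG = "[IPt:Possible Spoof]"


def domain_of(address: str) -> str:
    """Lower-cased domain part of a (possibly display-named) address, '' if absent."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_possible_spoof(envelope_from: str, raw_message: str) -> bool:
    """True when the From: header claims the local domain but the envelope
    sender (MAIL FROM:) belongs to another domain, i.e. the message did not
    come through the local domain's own mail server."""
    msg = message_from_string(raw_message)
    header_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(envelope_from)
    return header_domain == LOCAL_DOMAIN and envelope_domain != LOCAL_DOMAIN


def tag_subject(envelope_from: str, raw_message: str) -> str:
    """Return the message text with the spoof tag prepended to Subject: when flagged."""
    msg = message_from_string(raw_message)
    if is_possible_spoof(envelope_from, raw_message):
        subject = msg.get("Subject", "")
        if not subject.startswith(SPOOF_TAG):
            del msg["Subject"]
            msg["Subject"] = f"{SPOOF_TAG} {subject}".strip()
    return msg.as_string()


# Constructed sample reproducing the page's example; not a real captured message.
SAMPLE_ENVELOPE = "johndoe2@gmail.com"
SAMPLE_MESSAGE = (
    "From: John Doe <john.doe@cerge-ei.cz>\n"
    "To: jane.dow@cerge-ei.cz\n"
    "Subject: Invoice\n"
    "\n"
    "Please see the attached invoice.\n"
)

if __name__ == "__main__":
    print(tag_subject(SAMPLE_ENVELOPE, SAMPLE_MESSAGE))
```

A message whose envelope sender is already in cerge-ei.cz passes through untouched, so only the mismatch the page describes gets tagged.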

===== SPF =====