public:emai:malware: revision 2021-10-21 12:56 (section "Dealing with malware, spam, suspicious content", vesely) compared with revision 2021-11-19 08:13 (section "Suspicious content (HTML links, docs)", vesely). The text below is the newer revision.
  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font> - Some spammers conceal spam text as an image or PDF document.
  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font> - Deepheader analysis examines the entire message header for spam characteristics.

===== Possible Spoof =====

//Added subject tag: **[IPt:Possible Spoof]** //

see [[https://en.wikipedia.org/wiki/Email_spoofing|https://en.wikipedia.org/wiki/Email_spoofing]]

Email spoofing is the creation of email messages with a forged sender address.

It usually happens when the address in the "From:" header field differs from the envelope sender address (MAIL FROM:).

**Legacy "legitimate use"** - In the early Internet, "legitimately spoofed" email was common. For example, a visiting user might use the local organization's SMTP server to send email from the user's foreign address. Since most servers were configured as "open relays", this was a common practice. As spam email became an annoying problem, these sorts of "legitimate" uses fell out of favor.

**Malicious use of spoofing** - Phishing and business email compromise scams generally involve an element of email spoofing. Email spoofing has been responsible for public incidents with serious business and financial consequences.

**Example of spoof email:**

MAIL FROM: **johndoe2<font inherit/inherit;;#2980b9;;inherit>@gmail.com</font>** \\
From: **john.doe<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>** \\
To: **jane.dow<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>**

Such an email is suspicious: a user with a Gmail account (johndoe2@gmail.com) has set their profile to send as the institutional address (john.doe@cerge-ei.cz). \\
The problem is that the message was not sent (and therefore not authorised) by the cerge-ei.cz mail server; it was sent by a third-party server (a Google server in this case).

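The mismatch described above can be detected mechanically by comparing the domain of the envelope sender (MAIL FROM) with the domain of the "From:" header. The following Python snippet is an added example written for this page, not the institution's actual mail-filter code; the local-domain list, the helper names and the constructed sample message are assumptions, and the real filter's rule may differ (the SPF section that follows describes the standards-based check).

```python
"""Added example: flag an envelope/header sender mismatch as a possible spoof.

Assumptions (not from the wiki page): LOCAL_DOMAINS, the helper names and
the sample message are illustrative; the institution's real filter rule
is not documented on the page.
"""
import email
from email import policy
from email.utils import parseaddr

# Domains whose mail should only leave through the institution's own servers
# (assumed for this example).
LOCAL_DOMAINS = {"cerge-ei.cz"}

SPOOF_TAG = "[IPt:Possible Spoof]"


def address_domain(addr: str) -> str:
    """Return the lower-cased domain of an address such as 'Name <user@host>'.

    Returns '' for an empty or malformed address (e.g. a bounce with MAIL FROM:<>).
    """
    _, bare = parseaddr(str(addr))
    if "@" not in bare:
        return ""
    return bare.rsplit("@", 1)[1].lower()


def is_possible_spoof(envelope_from: str, raw_message: str) -> bool:
    """True when the From: header claims a local domain but the envelope
    sender belongs to a different (third-party) domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    header_domain = address_domain(msg.get("From", ""))
    envelope_domain = address_domain(envelope_from)
    return (header_domain in LOCAL_DOMAINS
            and envelope_domain != ""
            and envelope_domain != header_domain)


def tag_subject(envelope_from: str, raw_message: str) -> str:
    """Return the Subject: value, prefixed with the spoof tag when flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    if is_possible_spoof(envelope_from, raw_message):
        return f"{SPOOF_TAG} {subject}".strip()
    return subject


# Constructed sample reproducing the page's example: the From: header claims
# the institutional address; only the envelope sender differs between cases.
SAMPLE_MESSAGE = (
    "From: John Doe <john.doe@cerge-ei.cz>\r\n"
    "To: jane.dow@cerge-ei.cz\r\n"
    "Subject: Invoice\r\n"
    "\r\n"
    "Please see the attached invoice.\r\n"
)

if __name__ == "__main__":
    # Envelope from a Gmail account, header claims cerge-ei.cz: flagged.
    print(tag_subject("johndoe2@gmail.com", SAMPLE_MESSAGE))
    # Envelope and header agree: passed through unchanged.
    print(tag_subject("john.doe@cerge-ei.cz", SAMPLE_MESSAGE))
```

Mailing lists and forwarding services also produce envelope/header mismatches, which is why the tag reads "Possible Spoof" rather than rejecting the message outright; SPF (next section) and DKIM alignment are the checks that distinguish an authorised third-party sender from a forgery.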
===== SPF =====
===== Suspicious =====

==== Suspicious content (HTML links, docs, macro) ====

//Added subject tag: **[Suspicious]** //