public:emai:malware

Differences

This shows you the differences between two versions of the page.

public:emai:malware [2021-10-21 13:29] veselypublic:emai:malware [2021-11-19 08:13] – [Suspicious content (HTML links, docs)] vesely
Line 52: Line 52:
 //Added subject tag: **[IPt:Possible Spoof]** // //Added subject tag: **[IPt:Possible Spoof]** //
  
-see https://en.wikipedia.org/wiki/Email_spoofing+see [[https://en.wikipedia.org/wiki/Email_spoofing|https://en.wikipedia.org/wiki/Email_spoofing]]
  
 Email spoofing is the creation of email messages with a forged sender address. Email spoofing is the creation of email messages with a forged sender address.
 +
 +It usually happens when a sender uses different email address in "From:" field from the envelope email address (MAIL FROM:)
 +
 +**Legacy "legitimate use"**  - In the early Internet, "legitimately spoofed" email was common. For example, a visiting user might use the local organization's SMTP server to send email from the user's foreign address. Since most servers were configured as "open relays", this was a common practice. As spam email became an annoying problem, these sorts of "legitimate" uses fell out of favor.
 +
 +**Malicious use of spoofing**  - Phishing and business email compromise scams generally involve an element of email spoofing. Email spoofing has been responsible for public incidents with serious business and financial consequences.
 +
 +**Example of spoof email:**
 +
 +MAIL FROM: **johndoe2<font inherit/inherit;;#2980b9;;inherit>@gmail.com</font>** \\
 +From: **john.doe<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>** \\
 +To: **jane.dow<font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font>**
 +
 +Such email is suspicious. Some user with an account at Gmail (johndoe2@gmail.com) set his profile to use institutional email address (john.doe@cerge-ei.cz). \\
 +Problem is that such email is not sent (hence authorised) by cerge-ei.cz email server but it is sent by some third party server(google server in this case).
  
 ===== SPF ===== ===== SPF =====
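Review bot: In the last added sentence of the example, "such email is not sent (hence authorised) by cerge-ei.cz email server", the parenthesis can be read as saying the message is authorised. Suggest "is not sent, and hence not authorised, by the cerge-ei.cz email server". The added definition "It usually happens when a sender uses different email address in "From:" field from the envelope email address (MAIL FROM:)" would read better as "uses a different email address in the "From:" field than the envelope address". The three example lines carry editor markup (<font inherit/inherit;;#2980b9;;inherit>) that makes the addresses hard to read in the page source, so plain bold text or a code block would be cleaner. Also check whether "jane.dow" in the To: line is meant to be "jane.doe".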
Line 203: Line 218:
 ===== Suspicious ===== ===== Suspicious =====
  
-==== Suspicious content (HTML links, docs) ====+==== Suspicious content (HTML links, docs, macro) ====
  
 //Added subject tag: **[Suspicious]** // //Added subject tag: **[Suspicious]** //
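Review bot: The heading change to "Suspicious content (HTML links, docs, macro)" adds "macro", but the visible lines add no text under the heading saying what macro content triggers the [Suspicious] tag, so a sentence covering that would make the new title accurate. "macro" is also singular next to the plural "links, docs", so "macros" would be consistent. DokuWiki derives the section anchor from the heading text, so any links to the old section name should be checked after the rename.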
  • /var/www/html/dokuwiki/data/pages/public/emai/malware.txt
  • Last modified: 2023-03-09 12:13
  • by vesely