public:emai:malware

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
public:emai:malware [2023-03-09 09:42] veselypublic:emai:malware [2023-03-09 09:43] – [Monitoring and filtering agenda] vesely
Line 37: Line 37:
  
   * [[:public:emai:malware#spf_hard_fail|SPF hard fail]] - sending server __is not on the allowed list__  provided by domain's owner and the domain owner asks for message blocking.   * [[:public:emai:malware#spf_hard_fail|SPF hard fail]] - sending server __is not on the allowed list__  provided by domain's owner and the domain owner asks for message blocking.
-  * [[:public:emai:malware#spf_soft_fail|SPF soft fail]] - +  * [[:public:emai:malware#spf_soft_fail|SPF soft fail]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - SPF - soft fail]</font>  - sending server is not listed among allowed ones, but the domain owner allow message passing with warning. 
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious - SPF - soft fail]</font>  - sending server is not listed among allowed ones, but the domain owner allow message passing with warning. +  * [[:public:emai:malware#spf_bad_alignment|SPF bad alignment]] - <font inherit/inherit;;#f39c12;;inherit>[Covert sender]</font>  - verify the authenticity of the domain sending the email by using two diffrenent header signatures in the message. 
-  * [[:public:emai:malware#spf_bad_alignment|SPF bad alignment]] - +  * [[:public:emai:malware#bad_dmarc|Bad DMARC]] - <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font>  - the sender's domain does not have DMARC record and SPF set properly. 
- <font inherit/inherit;;#f39c12;;inherit>[Covert sender]</font>  - verify the authenticity of the domain sending the email by using two diffrenent header signatures in the message. +  * [[:public:emai:malware#bad_dmarc|Bad ARC]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font>  - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash). 
-  * [[:public:emai:malware#bad_dmarc|Bad DMARC]] - +  * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputation - DNSBL listed]</font>  - the sender's IP is listed in SPAM database. 
- <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font>  - the sender's domain does not have DMARC record and SPF set properly. +  * [[:public:emai:malware#suspicious_newsletter|Suspicious Newsletter]] - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - it may be found that certain newsletters are suspicious because they may actually be spam under the disguise of newsletters. 
-  * [[:public:emai:malware#bad_dmarc|Bad ARC]] - +  * [[:public:emai:malware#ip_reputation|Bad IP reputation]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font>  - emails from IP addresses with bad reputation may be discarded or quarantined. It may be dangerous to receive emails from such IPs. 
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font>  - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash). +  * [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font> - Anti-Phishing engine cannot decide about targeting URL link (usually concealed by click spying)
-  * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] - +
- <font inherit/inherit;;#f39c12;;inherit>[IP reputation - DNSBL listed]</font>  - the sender's IP is listed in SPAM database. +
-  * [[:public:emai:malware#suspicious_newsletter|Suspicious Newsletter]] - +
- <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - it may be found that certain newsletters are suspicious because they may actually be spam under the disguise of newsletters. +
-  * [[:public:emai:malware#ip_reputation|Bad IP reputation]] - +
- <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font>  - emails from IP addresses with bad reputation may be discarded or quarantined. It may be dangerous to receive emails from such IPs. +
-  * [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - +
- <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - Anti-Phishing engine cannot decide about targeting URL link (usually concealed by click spying)+
   * [[:public:emai:malware#pdf_macro|PDF macro]] - PDF files include the ability to execute code on your device — and that’s where the danger lies   * [[:public:emai:malware#pdf_macro|PDF macro]] - PDF files include the ability to execute code on your device — and that’s where the danger lies
-  * [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs) - +  * [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs) - <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font> - HTML content and attachments may contain potentially hazardous tags and attributes 
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font>  - HTML content and attachments may contain potentially hazardous tags and attributes +  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font>  - Some spammers conceal spam text as an image or PDF document. 
-  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - +  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font>  - Deepheader analysis examines the entire message header for spam characteristics.
- <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font>  - Some spammers conceal spam text as an image or PDF document. +
-  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - +
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font>  - Deepheader analysis examines the entire message header for spam characteristics.+
  
 ===== Possible Spoof ===== ===== Possible Spoof =====
  • /var/www/html/dokuwiki/data/pages/public/emai/malware.txt
  • Last modified: 2023-03-09 12:13
  • by vesely