public:emai:malware [2023-03-09 09:45] – [Monitoring and filtering agenda] vesely | public:emai:malware [2023-03-09 12:12] – old revision restored (2023-03-09 09:45) vesely |
---|
| |
* [[:public:emai:malware#spf_hard_fail|SPF hard fail]] - sending server __is not on the allowed list__ provided by domain's owner and the domain owner asks for message blocking. | * [[:public:emai:malware#spf_hard_fail|SPF hard fail]] - sending server __is not on the allowed list__ provided by domain's owner and the domain owner asks for message blocking. |
* [[:public:emai:malware#spf_soft_fail|SPF soft fail]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - SPF - soft fail]</font> - sending server is not listed among allowed ones, but the domain owner allow message passing with warning. | * [[:public:emai:malware#spf_soft_fail|SPF soft fail]] - |
* [[:public:emai:malware#spf_bad_alignment|SPF bad alignment]] - <font inherit/inherit;;#f39c12;;inherit>[Covert sender]</font> - verify the authenticity of the domain sending the email by using two diffrenent header signatures in the message. | <font inherit/inherit;;#f39c12;;inherit>[Suspicious - SPF - soft fail]</font> - sending server is not listed among allowed ones, but the domain owner allow message passing with warning. |
* [[:public:emai:malware#bad_dmarc|Bad DMARC]] - <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font> - the sender's domain does not have DMARC record and SPF set properly. | * [[:public:emai:malware#spf_bad_alignment|SPF bad alignment]] - |
* [[:public:emai:malware#arc|Bad ARC]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font> - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash). | <font inherit/inherit;;#f39c12;;inherit>[Covert sender]</font> - verify the authenticity of the domain sending the email by using two diffrenent header signatures in the message. |
* [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputation - DNSBL listed]</font> - the sender's IP is listed in SPAM database. | * [[:public:emai:malware#bad_dmarc|Bad DMARC]] - |
* [[:public:emai:malware#suspicious_newsletter|Suspicious Newsletter]] - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font> - it may be found that certain newsletters are suspicious because they may actually be spam under the disguise of newsletters. | <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font> - the sender's domain does not have DMARC record and SPF set properly. |
* [[:public:emai:malware#ip_reputation|Bad IP reputation]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font> - emails from IP addresses with bad reputation may be discarded or quarantined. It may be dangerous to receive emails from such IPs. | * [[:public:emai:malware#arc|Bad ARC]] - |
* [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font> - Anti-Phishing engine cannot decide about targeting URL link (usually concealed by click spying) | <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font> - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash). |
| * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] - |
| <font inherit/inherit;;#f39c12;;inherit>[IP reputation - DNSBL listed]</font> - the sender's IP is listed in SPAM database. |
| * [[:public:emai:malware#suspicious_newsletter|Suspicious Newsletter]] - |
| <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font> - it may be found that certain newsletters are suspicious because they may actually be spam under the disguise of newsletters. |
| * [[:public:emai:malware#ip_reputation|Bad IP reputation]] - |
| <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font> - emails from IP addresses with bad reputation may be discarded or quarantined. It may be dangerous to receive emails from such IPs. |
| * [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - |
| <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font> - Anti-Phishing engine cannot decide about targeting URL link (usually concealed by click spying) |
* [[:public:emai:malware#pdf_macro|PDF macro]] - PDF files include the ability to execute code on your device — and that’s where the danger lies | * [[:public:emai:malware#pdf_macro|PDF macro]] - PDF files include the ability to execute code on your device — and that’s where the danger lies |
* [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs) - <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font> - HTML content and attachments may contain potentially hazardous tags and attributes | * [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs) - |
* [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font> - Some spammers conceal spam text as an image or PDF document. | <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font> - HTML content and attachments may contain potentially hazardous tags and attributes |
* [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font> - Deepheader analysis examines the entire message header for spam characteristics. | * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - |
| <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font> - Some spammers conceal spam text as an image or PDF document. |
| * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - |
| <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font> - Deepheader analysis examines the entire message header for spam characteristics. |
| |
===== Possible Spoof ===== | ===== Possible Spoof ===== |
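
Review bot: The Warning Disclaimer entry is tagged `[Newsletter]`, the same label the Suspicious Newsletter entry uses, and the restored revision keeps it. It reads like a copy-paste slip, so give the entry a label of its own that matches what the filter prepends to the subject. The restore also carries over the spelling errors on both sides ("diffrenent", "succed", "reputaton", "it's validation" for "its validation", "the domain owner allow"), and these are worth fixing in the same edit. The SPF bad alignment description ("verify the authenticity of the domain ... by using two diffrenent header signatures") states what the check does rather than what went wrong, unlike the neighbouring entries. Reword it to say which two sender identities failed to match. Apart from moving each `<font>` label onto its own line after the link, the two revisions are identical in the visible text, so confirm the split lines still render as a single bullet.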