public:emai:malware

Differences

This shows you the differences between two versions of the page.

public:emai:malware [2023-03-09 12:12] vesely
public:emai:malware [2023-03-09 12:13] (current) vesely
Line 13: Line 13:
 **The generously opened and heterogeneous nature of the academic and research institution is extremely vulnerable to such kind of threat.** Regular enterprises and other profit-making businesses are usually much more homogenous with much simpler rules and measures against the third parties (no IMAP, no access to emails from non-business devices, strict mobile device management, blocked or limited traffic etc.). **The generously opened and heterogeneous nature of the academic and research institution is extremely vulnerable to such kind of threat.** Regular enterprises and other profit-making businesses are usually much more homogenous with much simpler rules and measures against the third parties (no IMAP, no access to emails from non-business devices, strict mobile device management, blocked or limited traffic etc.).
  
-Both areas of malicious or potentially problematic emails and regular emails are overlapping; it is not easy to distinguish between them sometimes. 
  
 <font inherit/inherit;;#f39c12;;inherit>**Both areas**</font>  of <font inherit/inherit;;#f39c12;;inherit>**Both areas**</font>  of
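
Review bot: the removed plain sentence appears to duplicate the styled sentence that begins on the following content line (`**Both areas** of`), so dropping it is reasonable, but the surviving copy is wrapped in `<font inherit/inherit;;#f39c12;;inherit>` and its emphasis rests on colour alone. Consider keeping only the `**...**` bold there, and confirm the remaining sentence still states in full that malicious and regular emails overlap. While touching this paragraph, the context line above still reads "such kind of threat", which should be "this kind of threat".
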
Line 42: Line 41:
  
   * [[:public:emai:malware#spf_hard_fail|SPF hard fail]] - sending server __is not on the allowed list__  provided by domain's owner and the domain owner asks for message blocking.   * [[:public:emai:malware#spf_hard_fail|SPF hard fail]] - sending server __is not on the allowed list__  provided by domain's owner and the domain owner asks for message blocking.
-  * [[:public:emai:malware#spf_soft_fail|SPF soft fail]] - +  * [[:public:emai:malware#spf_soft_fail|SPF soft fail]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - SPF - soft fail]</font>  - sending server is not listed among allowed ones, but the domain owner allow message passing with warning. 
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious - SPF - soft fail]</font>  - sending server is not listed among allowed ones, but the domain owner allow message passing with warning. +  * [[:public:emai:malware#spf_bad_alignment|SPF bad alignment]] - <font inherit/inherit;;#f39c12;;inherit>[Covert sender]</font>  - verify the authenticity of the domain sending the email by using two diffrenent header signatures in the message. 
-  * [[:public:emai:malware#spf_bad_alignment|SPF bad alignment]] - +  * [[:public:emai:malware#bad_dmarc|Bad DMARC]] - <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font>  - the sender's domain does not have DMARC record and SPF set properly. 
- <font inherit/inherit;;#f39c12;;inherit>[Covert sender]</font>  - verify the authenticity of the domain sending the email by using two diffrenent header signatures in the message. +  * [[:public:emai:malware#arc|Bad ARC]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font>  - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash). 
-  * [[:public:emai:malware#bad_dmarc|Bad DMARC]] - +  * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputation - DNSBL listed]</font>  - the sender's IP is listed in SPAM database. 
- <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font>  - the sender's domain does not have DMARC record and SPF set properly. +  * [[:public:emai:malware#suspicious_newsletter|Suspicious Newsletter]] - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - it may be found that certain newsletters are suspicious because they may actually be spam under the disguise of newsletters. 
-  * [[:public:emai:malware#arc|Bad ARC]] - +  * [[:public:emai:malware#ip_reputation|Bad IP reputation]] - <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font>  - emails from IP addresses with bad reputation may be discarded or quarantined. It may be dangerous to receive emails from such IPs. 
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font>  - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash). +  * [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - Anti-Phishing engine cannot decide about targeting URL link (usually concealed by click spying)
-  * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] - +
- <font inherit/inherit;;#f39c12;;inherit>[IP reputation - DNSBL listed]</font>  - the sender's IP is listed in SPAM database. +
-  * [[:public:emai:malware#suspicious_newsletter|Suspicious Newsletter]] - +
- <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - it may be found that certain newsletters are suspicious because they may actually be spam under the disguise of newsletters. +
-  * [[:public:emai:malware#ip_reputation|Bad IP reputation]] - +
- <font inherit/inherit;;#f39c12;;inherit>[IP reputaton]</font>  - emails from IP addresses with bad reputation may be discarded or quarantined. It may be dangerous to receive emails from such IPs. +
-  * [[:public:emai:malware#warning_disclaimer_prepended_to_email|Warning Disclaimer]] (prepended to email) - +
- <font inherit/inherit;;#f39c12;;inherit>[Newsletter]</font>  - Anti-Phishing engine cannot decide about targeting URL link (usually concealed by click spying)+
   * [[:public:emai:malware#pdf_macro|PDF macro]] - PDF files include the ability to execute code on your device — and that’s where the danger lies   * [[:public:emai:malware#pdf_macro|PDF macro]] - PDF files include the ability to execute code on your device — and that’s where the danger lies
-  * [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs) - +  * [[:public:emai:malware#suspicious_content_html_links_docs_macro|Suspicious content]] (HTML links, docs) - <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font>  - HTML content and attachments may contain potentially hazardous tags and attributes 
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious]</font>  - HTML content and attachments may contain potentially hazardous tags and attributes +  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font>  - Some spammers conceal spam text as an image or PDF document. 
-  * [[:public:emai:malware#image_spam|Image Spam]] (images, pdf) - +  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font>  - Deepheader analysis examines the entire message header for spam characteristics.
- <font inherit/inherit;;#f39c12;;inherit>[Image spam]</font>  - Some spammers conceal spam text as an image or PDF document. +
-  * [[:public:emai:malware#deepheader_analysis|Deepheader analysis]] - +
- <font inherit/inherit;;#f39c12;;inherit>[Suspicious - header analysis]</font>  - Deepheader analysis examines the entire message header for spam characteristics.+
  
 ===== Possible Spoof ===== ===== Possible Spoof =====
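
Review bot: in the added Warning Disclaimer bullet the tag is `[Newsletter]`, the same tag the Suspicious Newsletter bullet carries, which looks like a copy-paste slip; give it its own tag so the two entries can be told apart. Since every description is being moved onto its bullet line anyway, fix the spelling that is carried over unchanged: "diffrenent", "it's validation did not succed", "[IP reputaton]" and "the domain owner allow". The SPF hard fail and PDF macro bullets still have no bracketed tag, unlike the other entries in this list; add one or state why none applies.
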
  • /var/www/html/dokuwiki/data/pages/public/emai/malware.txt
  • Last modified: 2023-03-09 12:13
  • by vesely