Differences

This shows you the differences between two versions of the page.

--- public:emai:malware [2023-03-09 09:41] – vesely
+++ public:emai:malware [2023-03-09 09:42] – vesely
@@ Line 77: / Line 77: @@
 **Example of spoof email:**
-MAIL FROM: **johndoe2 <font inherit/inherit;;#2980b9;;inherit>@gmail.com</font> ** \\
+MAIL FROM: **johndoe2
-From: **john.doe <font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font> ** \\
+ <font inherit/inherit;;#2980b9;;inherit>@gmail.com</font> ** \\
-To: **jane.dow <font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font> **
+From: **john.doe
+ <font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font> ** \\
+To: **jane.dow
+ <font inherit/inherit;;#d35400;;inherit>@cerge-ei.cz</font> **
 Such email is suspicious. Some user with an account at Gmail (johndoe2@gmail.com) set his profile to use institutional email address (john.doe@cerge-ei.cz). \\
@@ Line 195: / Line 198: @@
 </code>
-https://en.wikipedia.org/wiki/Authenticated_Received_Chain
+[[https://en.wikipedia.org/wiki/Authenticated_Received_Chain|https://en.wikipedia.org/wiki/Authenticated_Received_Chain]]
-https://dmarc.org/presentations/ARC-Overview-2016Q3-v01.pdf
+[[https://dmarc.org/presentations/ARC-Overview-2016Q3-v01.pdf|https://dmarc.org/presentations/ARC-Overview-2016Q3-v01.pdf]]
 ===== Reputation databases - Blacklists =====
@@ Line 259: / Line 262: @@
 Certain sort of newsletter senders wants to track recipients clicks (to monetize and/or monitor recipient behavior) so they conceal the target URL behind their own hash. It is then undecidable whether the redirected URL is OK or not (phishing).
-**Example**
+**Example** <font inherit/inherit;;#c0392b;;inherit>**Obfuscated/unresolvable link**:</font>  If you get the newsletter from **bostonglobe.com**  with links in the form [[https://bostonglobe.us11|https://bostonglobe.us11]].**list-manage.com/track/click?u=90f9e490a86&id=0c98f5&e=e8fef**  , it cannot be said what is the targeting URL. Hence the ** <font inherit/inherit;;#c0392b;;inherit>warning about uncertain content is added</font> **.
- <font inherit/inherit;;#c0392b;;inherit>**Obfuscated/unresolvable link**:</font> If you get the newsletter from **bostonglobe.com**  with links in the form [[https://bostonglobe.us11|https://bostonglobe.us11]].**list-manage.com/track/click?u=90f9e490a86&id=0c98f5&e=e8fef**  , it cannot be said what is the targeting URL. Hence the ** <font inherit/inherit;;#c0392b;;inherit>warning about uncertain content is added</font> **.
 ** <font inherit/inherit;;#27ae60;;inherit>Regular/direct link</font> **: If the newsletter from **newyorker.com**  contains links in the form [[https://link|https://link]].**newyorker.com/view/5dc1b3fc91f4/03075c2d**  , it may be tracked down to the target URL and **is considered safe**.
@@ Line 310: / Line 312: @@
 //Added subject tag: [Suspicious - header analysis]//
-//Added warning text: "Deepheader analysis examines header for spam characteristics. Don't click any link unless you are certain it's legitimate.////"//
+//Added warning text: "Deepheader analysis examines header for spam characteristics. Don't click any link unless you are certain it's legitimate.////"// <font inherit/inherit;;#c0392b;;inherit>Tool to examine message header (displays human-readable content):</font> [[https://mha.azurewebsites.net/|https://mha.azurewebsites.net/]]
- <font inherit/inherit;;#c0392b;;inherit>Tool to examine message header (displays human-readable content):</font> [[https://mha.azurewebsites.net/|https://mha.azurewebsites.net/]]
 Deepheader analysis examines the entire message header for spam characteristics.