" sender Archives - LuxSci

Posts Tagged ‘sender’

Save Yourself From “Yourself”: Stop Spam From Your Own Address

Friday, September 22nd, 2017

I just got junk email … from me!

It is surprisingly common for users to receive Spam email messages that appear to come from their own address (i.e. “joe@domain.com” gets a Spam email addressed so it appears to be from “joe@domain.com”).  We discussed this issue tangentially in a previous posting: Bounce Back & BackScatter Spam – “Who Stole My Email Address”?  However, many users wonder how this is even possible, while others are concerned if their Spam filters are not catching these messages.

How can Spammers use your email address to send Spam?

At a fundamental level, email performs very little validation of the apparent identity of the “Sender” of a message. Just as you could mail a letter at the post office and write any return address on it, a Spammer can compose and send an email with any “From” email address and name. This is in fact extremely easy to do, and Spammers use this facility with almost every message that they send.


SPF and DKIM: The State of Domain-based Email Authentication – Part 1

Friday, September 1st, 2017

Recent reports on cyber-security threats in the healthcare sector by Verizon, Symantec and Ponemon consistently make several observations:

  • Email-borne malware is on the rise, with such malware delivered via spam or phishing;
  • Small-to-medium sized businesses (from all sectors) have the highest rate of email-delivered malware;
  • Most breaches are caused by negligent employees or contractors.

These conclusions are hardly surprising, as email is now an increasingly common part of communications, with protected health information (PHI) frequently exchanged amongst employees and patients within a practice, between medical providers, and between medical providers and their business associates. The concern for the healthcare industry is the potential violation of the HIPAA privacy rule caused by email-related (and other) breaches, leading to disruptions from loss of data, compliance audits and possibly hefty fines.


We wrote about obvious measures medical providers can take to avoid HIPAA non-compliance in email exchanges, such as opt-out email security. That addresses only one aspect of the threat landscape, though – the protection of PHI in email exchanges. Another aspect is more sinister, as it deals with external, malignant actors. These actors use various spoofing techniques to trick patients or employees of a medical practice into reacting incautiously, often impulsively, to emails supposedly coming from valid sources. These often lead to identity theft, where the damage is more far-reaching because the information given up is more long-lived and more widely used, and cannot simply be cancelled the way a misused credit card can be revoked.
