" fraud Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘fraud’

How can I determine if an email was actually sent to me?

Wednesday, June 14th, 2017

Someone claims to have sent you an email message.  You never got it, as far as you know.  How can you determine if the sender actually sent the message?  How to you prove or disprove the claim?

This question is submitted by a reader via “Ask Erik” — a channel by which anyone can ask LuxSci a technical question.

Email

Read the rest of this post »

Stopping Forged Email 1: SPF to the Rescue

Tuesday, February 17th, 2015

We have recently looked at how hackers and spammers can send forged email and then seen how these forged messages can be almost identical to legitimate messages from the purported senders.  In fact, we learned that generally all you can trust in an inbound email message is the internet IP address of the server talking to your inbound email server — as this cannot realistically be forged in any way that would still enable you to receive the message.

We know who the message says it is from and the address of the server that delivered it to us.  How can we reliably prevent fraud by checking if the message was forged or not?  Seems hard.

It turns out that there are a number (yes, more than one!) of techniques that can be used to do this.  The first and simplest is SPF – Sender Policy Framework.  Below, we shall look at what this does, how it works, how to set it up, and what some of its deficiencies are.  In future articles, we will look at the other techniques.

SPF – Sender Policy Framework: A Super Simple Explanation

Simply put, SPF is a way for the owner of a domain, such as bankofamerica.com, to publish information indicating what servers (Internet addresses) are authorized to send email from that domain.  Recipients (e.g. your spam filtering software) can check the Internet address that is trying to send you an email from bankofamerica.com against this authorization list — if it is on it, the message is probably legitimate; if not, it’s probably forged.

Read the rest of this post »

LUXSCI