Stopping Forged Email 4: Your Last Resorts
Wednesday, March 4th, 2015In previous posts we have examined how hackers and spammers can send forged email and how it can be extremely difficult to differentiate these messages from legitimate messages. We have looked at the various common techniques for anti-fraud such as SPF, DKIM, and DMARC and seen that, while these technologies can help a lot, they all have limitations; they all require strict and proper setup by the owner of the purported sender’s domain, and they must be well supported by your own spam filtering system.
Yet even with these technologies, it’s not hard in many cases for a determined attacker to send you a forged, fraudulent email message that still looks and feels legitimate.
What else can you do to validate email messages and protect yourself from phishing or social engineering attacks?
Read the rest of this post »