" spam Archives - Page 2 of 4 - LuxSci

Posts Tagged ‘spam’

Save Yourself From “Yourself”: Stop Spam From Your Own Address

Friday, September 22nd, 2017

I just got junk email … from me!

It is surprisingly common for users to receive Spam email messages that appear to come from their own address (i.e. “joe@domain.com” gets a Spam email addressed so it appears to be from “joe@domain.com”).  We discussed this issue tangentially in a previous posting: Bounce Back & BackScatter Spam – “Who Stole My Email Address”?  However, many users wonder how this is even possible, while others are concerned if their Spam filters are not catching these messages.

How can Spammers use your email address to send Spam?

The way that email works at a fundamental level, there is very little validation performed on the apparent identity of the “Sender” of an email.  Just as you could mail a letter at the post office and write any return address on it, a Spammer can compose and send an email address with any “From” email address and name.  This is in fact extremely easy to do, and Spammers use this facility with almost every message that they send.

Read the rest of this post »

Infographic: Steps to Avoiding Forged Email

Friday, February 12th, 2016

Forged emails are extremely common. Most of the time forged emails are merely a nuisance.However, if you accidentally share information with or click on a link from someone who sent a forged email, the results can devastate your goal or even your site, or if it’s really evil, an entire computer. Here’s some information about how to recognize and stop forged emails.

How to Avoid Forged Email: Forged Email Facts & SPF Significance

Avoiding Forged Email. Significance of SPF

Read the rest of this post »

Stopping Forged Email 2: DKIM to the Rescue

Monday, February 23rd, 2015

DKIMIn our last post in this series, we examined how SPF can be used to help weed out forged email messages by validating if a message was sent from an approved server by looking at the IP address delivering the email message. While SPF can work, it has many significant limitations that cause it to fall far short of being a panacea.

So — besides looking at the sending server IP address — what else can we do to determine if a message was forged?

It turns out that there is another way. By using encryption techniques and digital signatures, the sender’s servers can transparently “sign” a message in a way that you can verify upon receipt. This is called DKIM.

DKIM – Domain Keys Identified Mail: A Simple Explanation

DKIM stands for “Domain Keys Identified Mail.” This stands for “Domain-wide validation Mail Identity through use of cryptographic Keys.” To understand DKIM, we need to pause and look at what we mean by “cryptographic keys” and how they can be used.

Read the rest of this post »

Stopping Forged Email 1: SPF to the Rescue

Tuesday, February 17th, 2015

SPFWe have recently looked at how hackers and spammers can send forged emails and then seen how these forged messages can be almost identical to legitimate messages from the purported senders. We learned that generally, all you can trust in an inbound email message is the internet IP address of the server talking to your inbound email server. This cannot realistically be forged in any way that would still enable you to receive the message.

We know who the message is from and the server’s address that delivered it to us. How can we reliably prevent fraud by checking if the message was forged or not? Seems hard.

It turns out that a number (yes, more than one!) of techniques can be used to do this. The first and simplest is SPF – Sender Policy Framework. Below, we shall look at what this does, how it works, how to set it up, and what some of its deficiencies are. In future articles, we will look at the other techniques.

Sender Policy Framework: A Super Simple Explanation

Simply put, SPF is a way for the owner of a domain, such as bankofamerica.com, to publish information indicating what servers (internet addresses) are authorized to send email from that domain. Recipients (e.g., your spam filtering software) can check the internet address that is trying to send you an email from bankofamerica.com against this authorization list- if it is on it, the message is probably legitimate; if not, it’s probably forged.

Read the rest of this post »

8 Ways to Protect yourself from Forged/Fake Email

Monday, January 26th, 2015

The Internet is rife with fake and forged email.  Typically these are email messages that appear to be from a friend, relative, business acquaintance, or vendor that ask you to do something.  If you trust that the message is really from this person, you are much more likely to take whatever action is requested — often to your detriment.

These are forms of social engineering — the “bad guys” trying to establish a trusted context so that you will give them information or perform actions that you otherwise would not or should not do.

Here we address some of the actions you can take to protect yourself from these attacks as best as possible.  We’ll present these in the order of increasing complexity / technical difficulty.

Read the rest of this post »