Wednesday, October 28, 2020

Email Header Analysis – Verify Received Email is Genuine or Spoofed


Email Header Analysis is a highly recommended process for preventing malicious threats, since email is a business-critical asset. An email whose header has been altered to make the message appear to come from somewhere other than its actual source is a fraudulent (spoofed) email.

If such a message bypasses the spam filter and lands in an inbox, the impact on the organization can be critical: it opens the door to attacks such as social engineering and the delivery of malicious payloads that compromise internal assets.

Email Header Analysis – Analyzing message headers:

  • Message headers (email headers) include the fields people see, such as From, To, Cc and Subject.
  • These message headers are contained within the envelope headers.
  • The envelope headers are used by the Simple Mail Transfer Protocol (SMTP).
  • Investigating the headers provides routing details.
  • You can view the raw headers in your mailbox under More > Show original or View Raw Message.

Note: Before we start investigating the envelope header, let's break down the process for better understanding.

Email Header Analysis – Breakdown

In the process of email header analysis, the envelope header (email header) contains many fields, but the following are the most important to investigate when you think something is suspicious.

Return-path

  • Delivery status notices (bounces) are sent to this address.
  • It is validated by the Sender Policy Framework (SPF).
  • SPF looks up the domain in the Return-Path (the SMTP envelope sender) and verifies that the connecting IP is authorized to send email for that domain.
  • But this does not prevent attackers from spoofing the “From” address.

Reply-To

  • The email address used for message replies.
  • It overrides the “From” address in replies.

Received

  • A single email will usually have multiple “Received” entries, one per hop.
  • The bottom “Received” entry shows the initial server that handled the message.

Lines beginning with X

  • These are added by email servers and security tools. The Received and X- fields created by your own email services are the entries that are completely trustworthy.

Email Header Analysis – Header Drill Down

(Figure: Email Header Analysis)
  • In this figure, you can see the mail was Received from 127.0.0.1 (EHLO emkei.cz) (46.167.245.116).

Malformed SPF

(Figure: Email Header Analysis)
  • Received-SPF shows a permanent error (permerror) during validation.
  • This is good evidence that the mail is spoofed and that the Sender Policy Framework check failed.
  • As we discussed earlier, SPF does not prevent attackers from spoofing the “From” address.

DomainKeys Identified Mail

  • The sending domain digitally signs outgoing emails; the receiver runs a DNS query to fetch the public key published by the sender domain and verifies the signature.
  • DKIM does not prevent attackers from spoofing the “From” address.
  • It can validate message integrity.
  • In this case the result is dkim=neutral (no sig), which shows that the message carries no signature.
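The breakdown above (Return-Path, Reply-To, Received, SPF and DKIM) and the header drill-down can be applied mechanically. The following script is an added example, not code from the original article: it parses a constructed raw header (modelled on the page's drill-down; the EHLO line is the one the page shows, the other hosts and addresses are made up) and reports the same red flags a manual review looks for.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed sample header, modelled on the page's drill-down (not a real message).
RAW = b"""\
Return-Path: <bounce@evil-example.test>
Received: from mail.example.test (mail.example.test [192.0.2.10])
\tby mx.victim.test with ESMTP id abc123; Wed, 28 Oct 2020 10:00:00 +0000
Received: from 127.0.0.1 (EHLO emkei.cz) (46.167.245.116)
\tby mail.example.test with SMTP; Wed, 28 Oct 2020 09:59:58 +0000
Received-SPF: permerror (mx.victim.test: malformed SPF record for evil-example.test)
Authentication-Results: mx.victim.test; spf=permerror; dkim=neutral (no sig)
From: "Accounts" <accounts@bank.example>
Reply-To: payments@evil-example.test
Subject: Invoice payment due
"""

def _domain(header_value):
    """Bare domain of the first address in a header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    """Walk the header fields the article calls out and collect red flags."""
    msg = message_from_bytes(raw)
    from_dom = _domain(msg.get("From"))
    rp_dom = _domain(msg.get("Return-Path"))
    reply_dom = _domain(msg.get("Reply-To"))
    received = msg.get_all("Received") or []
    origin = received[-1] if received else ""          # bottom entry = first hop
    ips = [ip for ip in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", origin)
           if not ip.startswith("127.")]               # ignore the loopback placeholder
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    dkim_m = re.search(r"dkim=(\w+)", msg.get("Authentication-Results", ""))
    dkim = dkim_m.group(1).lower() if dkim_m else "none"
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To {reply_dom} redirects replies away from {from_dom}")
    if spf not in ("pass", "none"):                    # absent header is not flagged
        findings.append(f"SPF result is {spf}: envelope sender not authorized or record broken")
    if dkim != "pass":
        findings.append(f"DKIM result is {dkim}: message integrity not verified")
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "origin_ip": ips[0] if ips else None, "spf": spf,
            "dkim": dkim, "findings": findings}
```

Running `analyze(RAW)` on the sample yields four findings (Return-Path mismatch, Reply-To override, SPF permerror, DKIM neutral) and extracts 46.167.245.116 as the originating IP to feed into the reputation check described later.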

Email Header Analysis – Open Relay Test

  • An open relay is an SMTP server configured in such a way that it allows a third party to relay mail (send or receive email messages that are neither from nor for local users).
  • Therefore, such servers are usual targets for spam senders.
(Figure: Email Header Analysis)
  • In this case the test passed, with the error message “Relay access denied”.
  • So the attacker is trying to get the victim to click the link and pay money.
  • The figure above shows that the attacker's goal is to get the victim to click and pay the amount, using a legitimate-looking source email address.

Email Header Analysis – Threat Intelligence Report

  • Check the reputation of the suspicious IP.
  • You can use online tools to search for its reputation.
    Example: VirusTotal or IBM X-Force
(Figure: Email Header Analysis)
  • So here we can conclude that the attacker tried to communicate with the victim using spoofing techniques, to appear as a legitimate user.
  • Be aware of social engineering attacks carried out through technology.
  • Never click and pay when the communicating IP is not trustworthy.
