Collaborate Disseminate
Today I received a phishing mail from my own (valid) sender address (info@example.com).
I checked the e-mail header and see the mail was received by my valid mailserver.
Received: from mail.example.com ([::1]:36128) by domain.1blu.de (kopa… Continue reading Spam mail from own mailserver, but there is no outgoing mail in postfix log? [duplicate]
How can I send an email with a spoofed ‘from’ field with nodemailer and SMTP? I know that SMTP does not provide any authentication check to see if the ‘from’ field is actually correct, so why is it not as easy as just changing the ‘from’ h… Continue reading Send spoofed email with nodemailer
I got a lot of phishing attempts that appear to come from an actual microsoft.com e-mail address (see I need some verification about unusual login emails)
I though this was odd, since I had hoped that "popular" e-mail domains lik… Continue reading Why are @microsoft.com e-mail address not protected against spoofing
I had an email today, which I’m 100% sure is a scam, I just can’t work out how it works. The "From" address is service@paypal.com, which is better than most scams!
Here is a screenshot of the email body…
First sign of scammine… Continue reading How does this PayPal scam work? [closed]
I am trying to send an e-mail via Windows Powershell ISE using Office365’s hosting server, on behalf of another user which is specified in FROM part of the code using. But when I try to do this, I get: "STOREDRV.Submission.Exception:S… Continue reading Bypassing Office365 Server Send As Denial
Many people have written about DKIM header injection attacks. [1] The suggestion to mitigate it is to oversign headers and to rotate any DKIM keys that were previously used to sign e-mails where not all important headers have been oversign… Continue reading How many times need e-mail headers be signed with DKIM to mitigate DKIM header injection attacks?
Excuse my ignorance. I’m just a beginner trying to fill in the knowledge gaps that I have on how email system in general works, so this might seem a silly question to some or even all of you.
Is there a possibility that an email comes from… Continue reading Can you rule out the possibility that an email is spoofed despite passing SPF, DKIM, and DMARC?
I would like to know is this possible to spoof the profile picture in a spoofed email.
I’m learning email spoofing with php. I can spoof the headers like from , reply-to but I can’t find any way to add profile picture (avatar) for that mai… Continue reading Email spoofing with custom profile picture [closed]
IP addresses can be spoofed. The Envelope-From and Header-From addresses can be spoofed as well. But is it possible to spoof all three at the same time to send a forged email that passes both SPF and SPF alignment in DMARC?
If it is possib… Continue reading Can DMARC’s SPF alignment be spoofed?
I have set up DMARC for some months now and I am using dmarc-visualizer to parse the reports.
Overall I am happy so we can advance towards BIMI, but before switching to quarantine or reject on DMARC, there is a behavior that I cannot under… Continue reading DMARC falsely reports impersonation