Collaborate Disseminate
We are planning to create a rule in Proofpoint to enforce TLS on all outgoing email. I need to test that the rule is working and emails are bouncing if the recipient SMTP server does not support TLS.
The question is, where c… Continue reading How to test if TLS is enforced for emails sent through SMTP?
In my office we receive purchase orders (PO) in the same email as the work orders that need to be sent to our techs, but the techs must NEVER receive the PO for confidentiality reasons.
Is there way I can configure an SMTP s… Continue reading How can I configure an SMTP to Strip Certain Attachments [on hold]
Premise: I know pretty well how SMTP works, and how to read an e-mail header. I know what all the main fieds mean, but I couldn’t know what to look for if I want to know if the mail is kind of malicious (e.g. spoofed).
For i… Continue reading How to extract intresting data from malicious e-mail header
Our organization has blocked all outbound SMTP traffic under the assumption that we are preventing potential botnet spamming issues which lead to blacklisted IPs. However, I’ve seen other organizations which have been set up … Continue reading What are recommendations for unblocking outbound SMTP traffic in an organization?
I’m currently pentesing a client (with permission of course) and we are testing their email filtering capabilities. We want to check whether they reject mail coming from open mail relays, but I seem unable to find any. Is the… Continue reading Is there a list of open mail relays I can use for a pentest? [on hold]
What attacks should I consider:
When sanitizing the user’s input (their email address), for example to prevent local deliveries?
To prevent any sort of Denial of Service against the mail sending service?
When sending mail o… Continue reading What security considerations are there when sending an email from my software to a user? [on hold]
I am new to networking so maybe there might be a simple answer to my question or that I can’t phrase it in a way that a search can give helpful answers to.
Say I have two public IP’s communicating. One is 111.111.111.111 and… Continue reading are communications through public ip addresses capturable if one were to use a packet sniffer on the lan [on hold]
I recently set up an SMTP server for myself to use, and I am getting some traffic from two IP addresses and none else (though for obvious reasons I will not state the addresses here).
An example session (which, in fact, repe… Continue reading Why would an attacker try SMTP login many times even though it is disabled?
So I’m doing a research study on Simple Mail Delivery Protocol (SMDP)
for those of you who don’t know what it is, it’s a new protocol for Email delivery that promises complete anti-spam filtering.
While I was doing my resear… Continue reading Simple Mail Delivery Protocol (SMDP), where is it today? what do you think of it?
Many people (including me) receive ransomware
Mail like this
I know how to use the swaks tool to forge mail senders.In my practice, fake mail can only be different domain names, for example, a person forges a.com to send fake… Continue reading How does this email scam work?