Why do phishing e-mails use faked e-mail addresses instead of the real one?Reading encrypted data before sent...
Does Garmin Oregon 700 have Strava integration?
Do Hexblade warlocks choose their spells from the Hexblade spell list or the warlock spell list?
How do you say "powers of ten"?
What is this waxed root vegetable?
Test pad's ESD protection
Manipulate scientific format without the "e"
Are small insurances worth it
Is it possible to convert a suspension fork to rigid by drilling it?
What am I? I am in theaters and computer programs
Giving a talk in my old university, how prominently should I tell students my salary?
A bug in Excel? Conditional formatting for marking duplicates also highlights unique value
Plagiarism of code by other PhD student
Get length of the longest sequence of numbers with the same sign
Why is s'abonner reflexive?
When should a commit not be version tagged?
What are all the squawk codes?
Is there a math equivalent to the conditional ternary operator?
Did Amazon pay $0 in taxes last year?
How can I handle a player who pre-plans arguments about my rulings on RAW?
What is knowledge and vision?
VAT refund for a conference ticket in Sweden
What happened to QGIS 2.x
Why can't we make a perpetual motion machine by using a magnet to pull up a piece of metal, then letting it fall back down?
I encountered my boss during an on-site interview at another company. Should I bring it up when seeing him next time?
Why do phishing e-mails use faked e-mail addresses instead of the real one?
Reading encrypted data before sent to remote serverMail server security: Mails to internal receivers with faked sender addressAttackers on sc.imp.live.comIs it enough to look at the sender's email address?Is this “security update” from security-update@amazon.com an advanced phishing scam or a real security measure from Amazon?How can an email header be used to verify the real sender?Can I trick a mail server into sending me an email?Phishing e-mail replied to internal email. What is compromised?Whitelisted, encrypted, signed e-mails: how could they be tricked?What is the point of spam mails containing nothing but random letters?
I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com
instead of just using the actual service@amazon.com
itself?
email phishing
add a comment |
I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com
instead of just using the actual service@amazon.com
itself?
email phishing
You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
– schroeder♦
39 mins ago
add a comment |
I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com
instead of just using the actual service@amazon.com
itself?
email phishing
I read that you can write anything into the "from" field of an e-mail. If that is true, then why are phishing e-mails trying to trick me with look-a-like addresses like service@amaz0n.com
instead of just using the actual service@amazon.com
itself?
email phishing
email phishing
edited 44 mins ago
schroeder♦
77.1k30171206
77.1k30171206
asked 1 hour ago
JFBJFB
380136
380136
You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
– schroeder♦
39 mins ago
add a comment |
You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
– schroeder♦
39 mins ago
You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
– schroeder♦
39 mins ago
You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
– schroeder♦
39 mins ago
add a comment |
2 Answers
2
active
oldest
votes
While one could create a mail with @amazon.com
as SMTP envelope and/or From
field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.
add a comment |
- The phisher may be hoping to get any replies to send to that address.
- They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.
Using this tool I was able to check that amazon.com
does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.
SPF doesn't protect theFrom:
header, but the envelope sender.
– Esa Jokinen
8 mins ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204770%2fwhy-do-phishing-e-mails-use-faked-e-mail-addresses-instead-of-the-real-one%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
While one could create a mail with @amazon.com
as SMTP envelope and/or From
field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.
add a comment |
While one could create a mail with @amazon.com
as SMTP envelope and/or From
field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.
add a comment |
While one could create a mail with @amazon.com
as SMTP envelope and/or From
field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.
While one could create a mail with @amazon.com
as SMTP envelope and/or From
field of the mail header, the mail would likely be blocked since this domain is protected with SPF, DKIM and DMARC. This means that a spoofed mail would be detected as such and get rejected by many email servers. Contrary to this using another domain which is not protected this way or which is protected but controlled by the attacker is more successful.
edited 42 mins ago
schroeder♦
77.1k30171206
77.1k30171206
answered 56 mins ago
Steffen UllrichSteffen Ullrich
118k13204272
118k13204272
add a comment |
add a comment |
- The phisher may be hoping to get any replies to send to that address.
- They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.
Using this tool I was able to check that amazon.com
does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.
SPF doesn't protect theFrom:
header, but the envelope sender.
– Esa Jokinen
8 mins ago
add a comment |
- The phisher may be hoping to get any replies to send to that address.
- They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.
Using this tool I was able to check that amazon.com
does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.
SPF doesn't protect theFrom:
header, but the envelope sender.
– Esa Jokinen
8 mins ago
add a comment |
- The phisher may be hoping to get any replies to send to that address.
- They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.
Using this tool I was able to check that amazon.com
does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.
- The phisher may be hoping to get any replies to send to that address.
- They are trying to avoid the various frameworks that exist to prevent spoofed "from" fields from being perceived as authentic by a human user.
Using this tool I was able to check that amazon.com
does have SPF configured. Of course it's on your email client to check DNS for SPF, but most people's client's do do that.
answered 55 mins ago
ShapeOfMatterShapeOfMatter
2115
2115
SPF doesn't protect theFrom:
header, but the envelope sender.
– Esa Jokinen
8 mins ago
add a comment |
SPF doesn't protect theFrom:
header, but the envelope sender.
– Esa Jokinen
8 mins ago
SPF doesn't protect the
From:
header, but the envelope sender.– Esa Jokinen
8 mins ago
SPF doesn't protect the
From:
header, but the envelope sender.– Esa Jokinen
8 mins ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204770%2fwhy-do-phishing-e-mails-use-faked-e-mail-addresses-instead-of-the-real-one%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You could tell everyone that you are the Pope, and there is nothing that prevents you from doing that. But those who know who the Pope is would recognise that you are lying. Email has this verification process.
– schroeder♦
39 mins ago