Threat Hunting Through Email Headers
DKIM: Everything You Need to Know About Digital Signatures
Understanding SPF, DKIM and DMARC
Put simply, SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send email. When properly set up, all three prove that the sender is legitimate, that their identity has not been compromised and that they’re not sending email on behalf of someone else.
These antispam measures are becoming increasingly important, and will one day be required by all mail services and servers. ISPs and mail services, such as Gmail and Office 365, are getting more and more stringent in the types of email they’ll accept, so having all three checks configured ensures that email gets delivered and isn’t rejected outright or otherwise delayed.
Phishing – Email Header Analysis
Email headers hold a lot of information, much of which is never displayed to the user. The email reader shows only a select few fields, such as the subject, the date, and the sender's name and address. The surprising part is that the information that is actually displayed to a user can be easily forged!
Email & Email Headers Checking Tools:
To Analyze Email Headers, Use Google Apps https://toolbox.googleapps.com/apps/messageheader/
This Email Checker Tests The Validity & Reachability Of An Email Address https://network-tools.com/email-tests/