Have I been Spoofed Graphic SPAMDo you know spam when you see it? If your inbox is like mine, you probably do. But inboxes across the globe are also seeing a new threat, a usually-malicious email purportedly from a friend, or sometimes even from ourselves. It may contain an unknown link or an attached file (often a PDF). We have all become aware of the necessity to avoid clicking on anything in a strange email, so the hackers and thieves have adapted and are now able to make the email look somewhat more genuine.

If you have received an obvious piece of spam from a friend, it doesn’t mean their computer has been hacked, the usual supposition. It most likely means that their email address has been spoofed.

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations.

Spammers spoof those addresses all the time, and unfortunately, it’s not difficult to do. In fact, we recently observed a flurry of replies to a spoof email from a client’s address.

Zen Marketing deploys rather sophisticated anti-SPAM software on our server. So does Google, Yahoo and other ISP’s who provide email services. Even MS Outlook has pretty good filtering tools for combatting SPAM.

Mail servers like ours “verify” that the IP address that is sending a message was authorized to send mail on behalf of a specific domain. It is referred to as the Sender Policy Framework (also known as the SPF record). Each time an email message is sent, the receiving email server compares the IP of origin for the message with the IP address listed in the SPF record for the email address’s host. If the two IP addresses match, then the email could pass through to the intended recipient. If the IP addresses did not match, then the email would be flagged as spam or rejected altogether.

There is a new protocol on the horizon, known as DMARC, or Domain-based Message Authentication, Reporting, and Conformance. This emerging use of the DMARC record resolves most of the issues with SPF records because it shifts the burden of deciding how to respond away from the mail recipient.

The problem is, DMARC is not widely in use… yet.

How Can You tell?

If you want to tell if an email isn’t from the person you think it is, you will have to dig into the headers and know what you are looking for (like we described above). That is a difficult task for even tech-savvy guys like Alex, who manages and directs the actions of our server.

Besides, do you have time for that throughout your busy workday?

And if you click “reply” your friend or contact is only going to be confused, because they have no prior knowledge of the email.

spam_can_graphicSo What Can I Do?

Make certain your SPAM filters are set to the highest priority or strongest setting. This varies from provider to provider (Zen Clients already enjoy this, but sometimes they get through). And Outlook, Firefox, and Thunderbird users, always set your inbox up to NOT display images automatically in an email. The act of rendering an image sends open information back to the sender.

Never click links that are unknown to you, and never download an unknown attachment. Sounds a bit patronizing but all it takes is one employee in your company with an email supposedly from you and a “click”…

Use anti-Malware software. Programs like AVG or Malwarebytes for fighting viruses and malware are a necessity today.

The Bottom Line

The bottom line: end-users are always the weakest link in security. You must keep your brain’s own email filters turned all the way up – especially whenever you receive an email you weren’t expecting. We’ll help to keep you educated, but also rely on good anti-malware software and keep it up to date.

Finally, always be on alert for changes in issues like these. We will continue to fight spam and phishing on your behalf but the hackers are always devising new ways to cause damage.