cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identify legit emails vs Spoofed emails in the Header

%3CLINGO-SUB%20id%3D%22lingo-sub-2049373%22%20slang%3D%22en-US%22%3EIdentify%20legit%20emails%20vs%20Spoofed%20emails%20in%20the%20Header%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2049373%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20to%20differentiate%20between%20legit%20and%20spoofed%20emails%20from%20looking%20into%20email%20header%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20saw%20an%20spoofed%20email%20saying%26nbsp%3B%3CEM%3Evia%20return-path%3C%2FEM%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20does%20Outlook%2FExchange%20process%20to%20choose%20and%20pick%20the%20legit%20emails%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2049373%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Ali Fadavinia
Contributor

‎Jan 11 2021 08:08 AM - edited ‎Jan 11 2021 08:27 AM

‎Jan 11 2021 08:08 AM - edited ‎Jan 11 2021 08:27 AM

Identify legit emails vs Spoofed emails in the Header

Hi everyone,

 

Is there any way to differentiate between legit and spoofed emails from looking into email header?

 

We saw an spoofed email saying via return--path in the To:... section. And it comes from return--path.com.

 

So what is the area of mismatch between legit and spoofed email that exchange or outlook consider one as an unverified email?

 

How does Outlook/Exchange process to choose and pick the legit emails?

 

Thanks

221 Views
0 Likes
3 Replies
Reply
3 Replies
MDadarkar

‎Feb 25 2021 01:01 AM

‎Feb 25 2021 01:01 AM

Re: Identify legit emails vs Spoofed emails in the Header

@Ali Fadavinia 

 

Hi,

 

This method I have witnessed when you do the spoofing INTERNALLY....

Copy email header and paste it in "Microsoft Message Header Analyzer" tool

 

If it is spoofed email you will find like this

> X-MS-Exchange-Organization-AuthAs: Anonymous

 

if it is a legitimate email you will find this way
> X-MS-Exchange-Organization-AuthAs: Internal

 

External spoofing : An SPF record is playing a key role here to block spoofing emails –
(SPF record: a list of IP addresses which are authorized to send emails from a domain.)

Most probably your mail gateway will block the spoofing emails based on define RULES.

 

Thank you,

Regards,
MD

1 Like
Reply
Ali Fadavinia

‎Feb 25 2021 06:41 AM

‎Feb 25 2021 06:41 AM

Re: Identify legit emails vs Spoofed emails in the Header

Thanks MD, I will give it a try
0 Likes
Reply
MDadarkar

‎Feb 25 2021 06:45 AM

‎Feb 25 2021 06:45 AM

Re: Identify legit emails vs Spoofed emails in the Header

@Ali Fadavinia 

 

Most welcome buddy.

 

TC,

 

Regards,

MD

0 Likes
Reply