Jan 11 2021 08:08 AM - edited Jan 11 2021 08:27 AM
Hi everyone,
Is there any way to differentiate between legit and spoofed emails by looking into the email header?
We saw a spoofed email saying via return--path in the To:... section. And it comes from return--path.com.
So what is the area of mismatch between legit and spoofed email that makes Exchange or Outlook consider one as an unverified email?
What process does Outlook/Exchange use to choose and pick the legit emails?
Thanks
Feb 25 2021 01:01 AM
Hi,
I have witnessed this method when the spoofing is done INTERNALLY....
Copy the email header and paste it into the "Microsoft Message Header Analyzer" tool.
If it is a spoofed email, you will find this:
> X-MS-Exchange-Organization-AuthAs: Anonymous
If it is a legitimate email, you will find this:
> X-MS-Exchange-Organization-AuthAs: Internal
External spoofing: an SPF record plays a key role here in blocking spoofed emails –
(SPF record: a list of IP addresses which are authorized to send emails from a domain.)
Most probably your mail gateway will block the spoofed emails based on defined RULES.
Thank you,
Regards,
MD
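The two checks described in this answer, as an added example that is not part of the original post: it reads the `X-MS-Exchange-Organization-AuthAs` value and the SPF verdict from a raw header block. The sample headers, the `contoso.example` domain and the presence of an `Authentication-Results` header stamped by the receiving gateway are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from real mail).
SPOOFED = """\
Received: from mail.example.net (203.0.113.7) by EX01.contoso.example
Authentication-Results: spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=contoso.example
X-MS-Exchange-Organization-AuthAs: Anonymous
From: CEO <ceo@contoso.example>
To: user@contoso.example
Subject: Urgent

body
"""
LEGIT = """\
Received: from EX02.contoso.example (10.0.0.5) by EX01.contoso.example
X-MS-Exchange-Organization-AuthAs: Internal
From: CEO <ceo@contoso.example>
To: user@contoso.example
Subject: Minutes

body
"""

def check_headers(raw, internal_domains):
    """Return (auth_as, spf, verdict) for one raw header block."""
    msg = message_from_string(raw)
    auth_as = (msg.get("X-MS-Exchange-Organization-AuthAs") or "missing").strip()
    # The header can appear several times; take the first spf= verdict found.
    spf = "none"
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bspf=(\w+)", value, re.I)
        if m:
            spf = m.group(1).lower()
            break
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain in internal_domains and auth_as.lower() != "internal":
        verdict = "suspect-internal-spoof"  # own domain, but not authenticated
    elif spf in ("fail", "softfail"):
        verdict = "suspect-spf"             # sending IP not in the SPF record
    else:
        verdict = "no-mismatch"
    return auth_as, spf, verdict

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_headers(raw, {"contoso.example"}))
```

The verdict only reports a mismatch in the headers it was given; blocking is still up to the rules on the mail gateway.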