Differences

This shows you the differences between two versions of the page.

public:emai:malware [2023-03-09 09:42] vesely
public:emai:malware [2026-04-19 21:40] (current) vesely
Line 12: Line 12:
  
 **The generously opened and heterogeneous nature of the academic and research institution is extremely vulnerable to such kind of threat.** Regular enterprises and other profit-making businesses are usually much more homogenous with much simpler rules and measures against the third parties (no IMAP, no access to emails from non-business devices, strict mobile device management, blocked or limited traffic etc.). **The generously opened and heterogeneous nature of the academic and research institution is extremely vulnerable to such kind of threat.** Regular enterprises and other profit-making businesses are usually much more homogenous with much simpler rules and measures against the third parties (no IMAP, no access to emails from non-business devices, strict mobile device management, blocked or limited traffic etc.).
- + <font inherit/inherit;;#f39c12;;inherit>**Both areas**</font>  of 
-Both areas of malicious or potentially problematic emails and regular emails are overlapping; it is not easy to distinguish between them sometimes.+ <font inherit/inherit;;#c0392b;;inherit>**malicious or potentially problematic emails**</font>  and 
 + <font inherit/inherit;;#339933;;inherit>**regular emails**</font>  ** 
 + <font inherit/inherit;;#f39c12;;inherit>are overlapping</font>  **; it is not easy to distinguish between them sometimes.
  
 **The most dangerous threats are usually those of the "zero day attack" nature**; they usually take advantage of badly protected or misprotected email servers and domains so they can mimic the regular sender.\\ **The most dangerous threats are usually those of the "zero day attack" nature**; they usually take advantage of badly protected or misprotected email servers and domains so they can mimic the regular sender.\\
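Review bot: On the last two added lines the bold markers sit outside the font tag and are detached from the text: `**` trails the `regular emails` line and ` **;` follows `are overlapping</font>`, whereas the first three spans keep `**...**` inside `<font>`. Write the last span as `<font inherit/inherit;;#f39c12;;inherit>**are overlapping**</font>;` so all four spans use the same markup and the bold no longer depends on a pair of markers split across a line break. The sentence is also now spread over four source lines where it used to be one, which makes later diffs of this paragraph harder to read; keeping it on a single line would avoid that.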
Line 43: Line 45:
   * [[:public:emai:malware#bad_dmarc|Bad DMARC]] -   * [[:public:emai:malware#bad_dmarc|Bad DMARC]] -
  <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font>  - the sender's domain does not have DMARC record and SPF set properly.  <font inherit/inherit;;#f39c12;;inherit>[Bad DMARC]</font>  - the sender's domain does not have DMARC record and SPF set properly.
-  * [[:public:emai:malware#bad_dmarc|Bad ARC]] -+  * [[:public:emai:malware#arc|Bad ARC]] -
  <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font>  - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash).  <font inherit/inherit;;#f39c12;;inherit>[Suspicious - bad ARC]</font>  - the sender's email has ARC Seal but it's validation did not succed (e.g. invalid calculated email hash).
   * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] -   * [[:public:emai:malware#ip_reputation_database_-_dnsbl|DNSBL listed]] -
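Review bot: The description line directly under the corrected Bad ARC link still reads "it's validation did not succed"; since this entry is being touched anyway, fix it to "its validation did not succeed". The new anchor `#arc` also follows a different naming pattern from the neighbouring `#bad_dmarc` and `#ip_reputation_database_-_dnsbl` targets, so confirm that a section whose heading produces the id `arc` exists on the page, otherwise the link will land at the top of the page instead of the ARC section.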
  • /var/www/html/dokuwiki/data/attic/public/emai/malware.1678354936.txt.gz
  • Last modified: 2023-03-09 09:42
  • by vesely