Investigating the email header of a spoofed message
In the previous section, we analyzed the email header of a legitimate, non-spoofed email message and learned about the various email authentication protocols, how they work, and the results to expect when email authentication succeeds. In this section, we will examine the email authentication results of a spoofed email message to understand what failed authentication looks like.
Specifically, we will thoroughly examine the email authentication results of an email purporting to be sent from the fedex.com domain to the [email protected] email address. To investigate the email message, we followed the steps outlined in Chapter 1, which led us to conclude that the email was indeed malicious and contained a harmful attachment designed to gain unauthorized access to the victim's machine. Our investigation raised the possibility that an attacker may have compromised one of the fedex.com users...
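The checks described above, as an added example that is not part of the original chapter: a small Python script that parses an Authentication-Results header (RFC 8601 syntax), pulls out the SPF, DKIM and DMARC results, and checks relaxed DMARC alignment of the authenticated domains (SPF smtp.mailfrom, DKIM header.d) against the visible From domain. The two sample messages (a fedex.com lookalike that fails every check, and a clean one), the receiving host mx.example.net, the sender IP and the function names are constructed for illustration; they are not the header examined in the chapter.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (not the message examined in the chapter).
# SPOOFED_RAW imitates a fedex.com lookalike whose SPF, DKIM and DMARC checks all
# failed at the (hypothetical) receiving host mx.example.net; LEGIT_RAW is the clean case.
SPOOFED_RAW = """\
Authentication-Results: mx.example.net;
 spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=bounce.attacker-mail.example;
 dkim=none (message not signed);
 dmarc=fail (p=reject sp=reject dis=none) header.from=fedex.com
From: "FedEx Shipping" <noreply@fedex.com>
To: victim@example.net
Subject: Your package is on hold

Please see the attached invoice.
"""

LEGIT_RAW = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.fedex.com;
 dkim=pass header.i=@fedex.com header.d=fedex.com header.s=sel1;
 dmarc=pass (p=reject sp=reject dis=none) header.from=fedex.com
From: "FedEx Shipping" <noreply@fedex.com>
To: victim@example.net
Subject: Your package has shipped

Tracking details attached.
"""


def parse_auth_results(header_value):
    """Split an Authentication-Results value into the authserv-id and a list of
    {method, result, props} entries. Parenthesised comments are dropped first; this
    simple splitter assumes comments are not nested and contain no ';'."""
    value = re.sub(r"\([^)]*\)", " ", header_value)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    authserv_id, resinfos = parts[0], []
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, _, val = tok.partition("=")
            props[key.lower()] = val.strip('"').lower()
        resinfos.append({"method": method.lower(), "result": result.lower(), "props": props})
    return authserv_id, resinfos


def org_domain(domain):
    """Approximate the DMARC organizational domain as the last two labels.
    Real DMARC uses the Public Suffix List; this is enough for fedex.com-style names."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def assess(raw_message):
    """Return SPF/DKIM/DMARC results, relaxed-alignment checks against the visible
    From domain, the published DMARC policy (p=) if the receiver recorded it in a
    comment, a list of human-readable findings, and an overall verdict."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    header = msg["Authentication-Results"] or ""
    _, results = parse_auth_results(header)
    by_method = {r["method"]: r for r in results}
    empty = {"result": "none", "props": {}}
    spf, dkim, dmarc = (by_method.get(m, empty) for m in ("spf", "dkim", "dmarc"))

    # SPF authenticates the envelope sender (smtp.mailfrom); DKIM the signing domain (header.d).
    spf_domain = spf["props"].get("smtp.mailfrom", "").rpartition("@")[2]
    dkim_domain = dkim["props"].get("header.d", "")
    spf_aligned = spf["result"] == "pass" and org_domain(spf_domain) == org_domain(from_domain)
    dkim_aligned = dkim["result"] == "pass" and org_domain(dkim_domain) == org_domain(from_domain)

    policy_match = re.search(r"dmarc=\w+\s*\(\s*p=(\w+)", header)
    published_policy = policy_match.group(1).lower() if policy_match else None

    findings = []
    if spf["result"] != "pass":
        findings.append(f"SPF {spf['result']} for envelope sender domain {spf_domain or '(unknown)'}")
    elif not spf_aligned:
        findings.append(f"SPF passed for {spf_domain} but it is not aligned with From domain {from_domain}")
    if dkim["result"] != "pass":
        findings.append(f"DKIM {dkim['result']}")
    elif not dkim_aligned:
        findings.append(f"DKIM signed by {dkim_domain}, not aligned with From domain {from_domain}")
    if dmarc["result"] != "pass":
        findings.append(f"DMARC {dmarc['result']} for {from_domain}")
        if published_policy == "reject":
            findings.append("sender publishes p=reject, yet the message was delivered: receiver did not enforce DMARC")

    verdict = "pass" if dmarc["result"] == "pass" and (spf_aligned or dkim_aligned) else "fail"
    return {
        "from_domain": from_domain,
        "spf": spf["result"], "dkim": dkim["result"], "dmarc": dmarc["result"],
        "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
        "published_policy": published_policy,
        "verdict": verdict, "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("legitimate", LEGIT_RAW)):
        report = assess(raw)
        print(f"{label}: verdict={report['verdict']} spf={report['spf']} dkim={report['dkim']} dmarc={report['dmarc']}")
        for finding in report["findings"]:
            print("  -", finding)
```

Two points the script surfaces that a raw "spf=fail" does not: a passing SPF or DKIM result is only meaningful for DMARC if the authenticated domain aligns with the From domain (the legitimate sample passes SPF on bounce.fedex.com, which aligns with fedex.com under relaxed alignment), and when the receiver records p=reject in the DMARC comment yet the message still reached the mailbox, the receiving mail system did not enforce the sender's published policy, which is itself a finding for the incident report.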