
The Top 25 Most Common Mistakes in Email Security


Jon Westfall
03-08-2007, 02:20 AM
http://www.itsecurity.com/features/25-common-email-security-mistakes-022807/

"Someone recently pointed me to this article which describes the 25 Common Email Security mistakes people make.... It's an interesting read and one section really did make me smile! About making people aware that when they receive email from unknown sources...

- You have not won the Irish Lotto, the Yahoo Lottery, or any other big cash prize.
- There is no actual Nigerian King or Prince trying to send you $10 million.
- Your Bank Account Details do not need to be reconfirmed immediately.
- You do not have an unclaimed inheritance.
- You never actually sent that "Returned Mail".
- The News Headline email is not just someone informing you about the daily news.
- You have not won an iPod Nano."

Jason Langridge points out a very useful article that I enjoyed reading through. If there is one rule I could make others obey it would surely be "Never trust the From: line"! Clients at the hosting company I consult for continually have issues with that one simple rule, most often complaining to us that "Someone has hacked my account" when they get returned mail or get spam from themselves. Oh how I wish people would spend some time and learn how to talk to an SMTP server - then they'd see just how easy it is to change the "From" line!

Brad Adrian
03-08-2007, 04:11 AM
I'm probably the only person here who doesn't know this, but how do spammers and phishers provide a link that takes you to their spoof site, but which appears to have a legitimate domain name?

Patrick Y.
03-08-2007, 04:42 AM
Call me crazy, but I actually enjoy those spam sometimes. They're actually comical to read. Lol!

kaiden.1
03-08-2007, 04:46 AM
Funny :lol: And the absolute truth!!!!!! I think that we have all received those e-mails.

Darius Wey
03-08-2007, 06:27 AM
Call me crazy, but I actually enjoy those spam sometimes. They're actually comical to read. Lol!

Well, okay, I receive hundreds a day. You're welcome to take a good portion of it for bedtime reading. ;)

Darius Wey
03-08-2007, 06:31 AM
I'm probably the only person here who doesn't know this, but how do spammers and phishers provide a link that takes you to their spoof site, but which appears to have a legitimate domain name?

Plain old HTML. They simply wrap the seemingly legitimate address in a fake one, like so:

http://www.pocketpcthoughts.com/ (http://clickherebecauseitoldyouso.com/)

Jon Westfall
03-08-2007, 05:51 PM
I'm probably the only person here who doesn't know this, but how do spammers and phishers provide a link that takes you to their spoof site, but which appears to have a legitimate domain name?

Plain old HTML. They simply wrap the seemingly legitimate address in a fake one, like so:

http://www.pocketpcthoughts.com/ (http://clickherebecauseitoldyouso.com/)

Another old trick is the @ symbol or user credentials in the URL string. An old method of allowing a person to specify access credentials inline with the URL was http://username:[email protected] (This allowed you to jump past pesky login pop-ups). However, this can be used with sites that don't require authentication in the following ways:

http://www.microsoft.com:[email protected]

or

http://[email protected]/

Those both don't take you remotely near microsoft.com, but look like they will.
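As an added example (not code from the thread or the article), here is a small Python check in the spirit of Darius's and Jon's explanations: it parses the anchors in an HTML message, flags links whose visible text shows one host while the href actually goes to another, and flags hrefs that carry user credentials before an @ so the real host is hidden. The sample HTML and its domains are constructed for the demo; evil.example is a placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of the HTML a mail client might render (not from the thread).
SAMPLE_HTML = """
<p>Confirm at <a href="http://clickherebecauseitoldyouso.com/">http://www.pocketpcthoughts.com/</a></p>
<p>Or visit <a href="http://www.microsoft.com:fake@evil.example/">Microsoft</a></p>
<p>Also <a href="http://www.microsoft.com@evil.example/">www.microsoft.com</a></p>
<p>Fine: <a href="http://www.pocketpcthoughts.com/">Pocket PC Thoughts</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname the browser would really connect to (userinfo stripped)."""
    return (urlparse(url).hostname or "").lower()

def audit_link(href, text):
    """Return the reasons a link looks deceptive (empty list if none)."""
    reasons = []
    parsed = urlparse(href)
    if parsed.username is not None or parsed.password is not None:
        # Anything before '@' is credentials, not the host; the real host follows it.
        reasons.append("userinfo before @ hides real host %s" % parsed.hostname)
    if re.match(r"^(https?://|www\.)", text, re.I):
        # The anchor text itself looks like a URL: compare its host with the href's.
        shown = text if "://" in text else "http://" + text
        if host_of(shown) != host_of(href):
            reasons.append("text shows %s but href goes to %s" % (host_of(shown), host_of(href)))
    return reasons

def audit_html(html):
    """Audit every link in an HTML body; returns (href, text, reasons) tuples."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, audit_link(href, text)) for href, text in parser.links]
```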

Steve Jordan
03-08-2007, 07:53 PM
All good tips. I noticed that the article assumes the user is using Outlook for e-mail (based on the commands and backup tools he references), but says nothing about Outlook's status as most-hackable e-mail program. I would have expected a mention of other e-mail apps that are a bit more secure.