Your complete reference guide to email authentication, phishing, and security terminology
A sophisticated scam targeting businesses that work with foreign suppliers or regularly perform wire transfers. Attackers compromise or spoof executive email accounts to request fraudulent transfers.
Example:
An attacker compromises a CEO's email and sends payment instructions to accounting to wire funds to a fraudulent account.
Collecting usernames and passwords through fake login pages, often delivered via phishing emails that mimic legitimate services.
Example:
A fake Microsoft login page that captures your Office 365 credentials when you try to view a 'shared document'.
Setting the 'friendly name' in an email to impersonate someone, while the actual email address is different. Many email clients show only the display name.
Example:
An email showing 'From: CEO John Smith' but the actual email address is attacker@malicious.com.
An email authentication technique that allows the receiver to verify that an email was actually sent and authorized by the owner of the sending domain. Uses cryptographic signatures.
Example:
A DKIM signature in the email headers proves the message hasn't been tampered with in transit and comes from the claimed domain.
An email authentication protocol that builds on SPF and DKIM. DMARC tells receiving servers what to do if SPF or DKIM checks fail, and provides reporting on email authentication results.
Example:
A DMARC policy might instruct: 'If SPF and DKIM both fail, reject the email and send me a report about it.'
The internet's phone book - translates human-readable domain names into IP addresses. Used extensively for email authentication (SPF, DKIM, DMARC records).
Example:
DNS lookups verify SPF records, retrieve DKIM public keys, and find mail servers for email delivery.
Metadata attached to every email message that records the path the message took through mail servers, authentication results, spam scores, and technical details about how the message was processed.
Example:
Email headers show each server ('hop') the email passed through, timestamps, SPF/DKIM/DMARC results, and the true sending IP address.
Forging an email header so the message appears to come from someone or somewhere other than the actual source. Often used in phishing attacks.
Example:
An attacker sends an email that shows 'From: security@paypal.com' in your inbox, even though it didn't actually come from PayPal.
Email that falls between legitimate messages and spam - subscriptions you signed up for but no longer read, or bulk notifications you don't want.
Example:
Daily deals emails, social media notifications, or newsletters you once requested but now ignore.
Domain names that visually resemble legitimate domains through character substitution, typos, or similar patterns (also called typosquatting or combosquatting).
Example:
Using 'arnaz0n.com' (zero instead of 'o'), 'microsof1.com' (one instead of 't'), or 'paypa1-security.com' to impersonate legitimate brands.
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Often delivered via email attachments.
Example:
A Word document attachment containing macros that download ransomware when opened.
A unique identifier assigned to each email message, formatted as a string that includes a domain name. Used for threading, duplicate detection, and forensic tracking.
Example:
Message-ID: <20240115123456.ABC123@mail.example.com>
A DNS record that specifies which mail servers receive email for a domain. Multiple MX records provide redundancy and load balancing.
Example:
The MX record for gmail.com points to Google's mail servers, telling the world where to deliver @gmail.com emails.
A cyber attack where fraudulent emails impersonate legitimate organizations to trick recipients into revealing sensitive information like passwords, credit card numbers, or personal data.
Example:
An email appearing to be from your bank asking you to 'verify your account' by clicking a link and entering your credentials.
A type of malware that encrypts your files and demands payment (usually in cryptocurrency) for the decryption key.
Example:
CryptoLocker emails with infected attachments that encrypt all documents and display a ransom demand.
Special email headers added by each mail server that handles a message, showing the complete path from sender to recipient. Read bottom-to-top to trace the email's journey.
Example:
A series of 'Received: from' lines showing the email went from the sender's server → their ISP → recipient's ISP → recipient's mailbox.
The email address where bounces and delivery failures are sent. Can differ from the 'From' address and is often used to track which sender gets bounce notifications.
Example:
Bulk email services often use 'Return-Path: bounces@emailservice.com' while showing 'From: newsletter@company.com'.
The standard protocol used to send email between mail servers and from email clients to mail servers. The foundation of email transmission on the internet.
Example:
When you click 'Send', your email client uses SMTP to deliver the message to your outgoing mail server.
An SPF result indicating the sending server is not explicitly authorized but not explicitly forbidden. Often treated as a warning rather than rejection.
Example:
SPF result 'softfail' means 'probably not authorized' but mail servers typically deliver it anyway, possibly marking it as spam.
Unsolicited bulk email sent to many recipients, typically commercial advertising. Different from phishing (which aims to steal data) but often uses similar techniques.
Example:
Mass emails advertising cheap pharmaceuticals, weight loss products, or 'work from home' schemes.
A numerical rating assigned by spam filters indicating the likelihood a message is spam. Higher scores mean more spam-like characteristics detected.
Example:
SpamAssassin might assign a score of 8.5 based on suspicious links, excessive capitalization, and a blacklisted sender IP.
A targeted phishing attack directed at specific individuals or organizations, often using personalized information to appear more legitimate and trustworthy.
Example:
An email to a CFO appearing to come from the CEO, addressing them by name and referencing a real current project, requesting an urgent wire transfer.
An email authentication method that specifies which mail servers are authorized to send email on behalf of a domain. SPF records are published in DNS and checked by receiving mail servers.
Example:
If example.com publishes an SPF record, it tells the world which servers can legitimately send email from @example.com addresses.
Encryption protocols that secure email in transit between mail servers, preventing eavesdropping. Shows as 'ESMTPS' or 'SMTPS' in Received headers.
Example:
When Received headers show 'ESMTPS', the email was encrypted during that hop, protecting it from interception.
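The header entries above (display name vs. actual address, Return-Path vs. From, Received lines read bottom-to-top, and 'ESMTPS' marking an encrypted hop) can be checked together when triaging a message. The following is an added example, not part of the original glossary; the sample message is constructed, and `protected_names` is a hypothetical map of names your organization wants to watch for.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic). Newest Received header is on top.
SAMPLE = """\
Return-Path: <bounces@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
\tby inbox.example.org with ESMTPS id 3; Mon, 15 Jan 2024 12:35:02 +0000
Received: from relay.example.net (relay.example.net [198.51.100.9])
\tby mx.example.org with ESMTP id 2; Mon, 15 Jan 2024 12:35:00 +0000
Received: from laptop (unknown [192.0.2.44])
\tby relay.example.net with ESMTPSA id 1; Mon, 15 Jan 2024 12:34:56 +0000
From: "CEO John Smith" <attacker@malicious.com>
Subject: Urgent wire transfer

Please wire the funds today.
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S)

def trace_hops(msg):
    """Return hops oldest-first; servers prepend Received, so reverse the list."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            # "with" keywords ending in S or SA (ESMTPS, ESMTPSA) mean TLS on that hop.
            tls = m[3].upper().endswith(("SMTPS", "SMTPSA"))
            hops.append({"from": m[1], "by": m[2], "with": m[3], "tls": tls})
    return hops

def review(raw, protected_names):
    """protected_names: hypothetical map of display-name fragment -> expected domain."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    rp = parseaddr(msg.get("Return-Path", ""))[1]
    findings = [f"display name '{name}' used with {addr}"
                for frag, dom in protected_names.items()
                if frag in name.lower() and from_domain != dom]
    if rp and rp.rpartition("@")[2].lower() != from_domain:
        findings.append(f"Return-Path {rp} differs from From domain")
    hops = trace_hops(msg)
    findings += [f"hop {h['from']} -> {h['by']} not encrypted ({h['with']})"
                 for h in hops if not h["tls"]]
    return hops, findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE, {"john smith": "example.org"})[1]))
```

A Return-Path mismatch is a signal rather than a verdict, since bulk email services legitimately use their own bounce address.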
Spear phishing attacks specifically targeting high-level executives ('big fish') like CEOs, CFOs, or other C-suite individuals.
Example:
A fake legal subpoena sent to a CEO designed to steal credentials or deliver malware.
Related Terms:
Social Engineering
Psychological manipulation tactics used to trick people into divulging confidential information or performing actions against their interest.
Example:
Creating urgency ('Your account will be closed in 24 hours!') or authority ('This is your IT department') to bypass critical thinking.