
Vetting domains for spoofers & phishers in email


dncollins

My question is not specifically about Malwarebytes, so if not appropriate here, I'd appreciate a cite to a security forum where I might get an answer.

My basic question is: if a trusted business (legit.biz for example) sends me email where the sender's address and any URL links in the email point at legit.biz or one of its subdomains, AND I've done my job to make sure the DNS servers used by my device/LAN are legit (haven't been hacked), what is my level of confidence that said email is legit and any links in it are legit?

The reason I ask this question is that I commonly receive emails (which turn out to be legitimate) where the sending company uses a mass communication service to actually send the email to me and to handle any links I might invoke from inside that email. Ergo, the domain of the sender and links is unfamiliar to me. This raises my concerns about spoofing and phishing, so (for a billing reminder, for example), I ignore the convenient links in the email, and I manually fire up my browser and go to the legit business website to log in and pay my bill.

My second question is: Couldn't vendors who want to offload mass communications to other companies use a subdomain they own (e.g., im_ok.legit.biz) to indirectly point sender address and internal email links to their mass communication services, thereby making it transparent to me, but at the same time letting me trust that legit.biz is taking responsibility for services they use to help them give me service?

If the answer to the above question is yes, then it makes sense for me to ask legitimate businesses to use their own domain/subdomains in emails they send to me so that I can easily trust the content and links contained therein.  Right?

 


If a company sends email en masse they may get flagged as a spammer.  So companies choose service providers who specialize as mass e-mailers.  Companies like SendGrid.

They will substitute their own Link for the URL in the mass mailing.  This way if an account is compromised, or violates their Authorized Use Policy/Terms of Service (AUP/ToS), and sends out malicious emails, companies like SendGrid can disable their Link which neuters the malicious URL in the email.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
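
The check raised in the first post (are the sender address and every link under legit.biz or one of its subdomains?) and the link substitution described in the reply above, as an added example that is not part of the original thread. The sample message, the hostnames other than legit.biz and the function names are constructed for illustration. The script compares only the names visible in the message, so it shows where links point, not that the sender is authenticated.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def in_domain(host, trusted):
    """True only if host is the trusted domain or a subdomain of it.
    Matching is on whole DNS labels, so 'notlegit.biz' and
    'legit.biz.tracker.example' do not pass for 'legit.biz'."""
    host = (host or "").lower().rstrip(".")
    trusted = trusted.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def vet(raw_email, trusted):
    """Report whether the visible From domain and each link host sit under `trusted`."""
    msg = message_from_string(raw_email)
    _, addr = parseaddr(msg.get("From", ""))
    from_host = addr.rpartition("@")[2]
    body = msg.get_payload()  # the constructed sample is single-part plain text
    # urlsplit() separates any userinfo ("user@") from the real hostname.
    hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(body)]
    return {
        "from_host": from_host,
        "from_ok": in_domain(from_host, trusted),
        "off_domain_links": sorted({h for h in hosts if not in_domain(h, trusted)}),
    }

# Constructed sample message (not taken from the thread).
SAMPLE = """\
From: Legit Billing <billing@mail.legit.biz>
To: customer@example.org
Subject: Your bill is ready

Pay here: https://pay.legit.biz/invoice/123
Or here: https://legit.biz.tracker.example/click?id=abc
Help: http://notlegit.biz/login
"""

if __name__ == "__main__":
    print(vet(SAMPLE, "legit.biz"))
```

A link rewritten by a mass mailer shows up in `off_domain_links` exactly like a lookalike host does, which is why an unfamiliar link domain alone cannot tell the two apart.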

  • 3 months later...
7 hours ago, dncollins said:

Using mass mailers to avoid being flagged as a spammer seems like a reasonable step to take for a legit biz that sends lots of legit email.  But how does the average joe know which mass mailers to trust?

I use mailchimp.


My City uses MailChimp for news and FYI data.  They are a responsible entity and they conform to the US CAN-SPAM Act.  I give MailChimp higher marks than SendGrid (Twilio).  ActiveCampaign is just "ok" and one of the worst is MailGun.

