Cisco Email Security Appliance X1050 White Paper

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. 
Page 3 of 22 
The Problem of Forged Email 
As noted, this paper looks at forged email arriving from outside an organization. Spoofing where an internal mailbox is compromised is out of scope for this paper. In this document, alpha.com is the example customer domain being spoofed.
For an introduction to spoofing refer to: .
Briefly described, spoofing attacks include:
1.  Envelope From abuse: Making the domain in the sender’s Mail From value (also referred to as “Envelope From”) the same as the recipient’s domain. This paper uses the terms “Mail From” and “Envelope From” interchangeably.
2.  From header abuse: Using a legitimate domain for the sender’s Envelope From value but using a fraudulent From header.
3.  Cousin domain abuse: Sending email from cousin domains that pass Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting, and Conformance (DMARC) checks. The From value will show a similar sender address that impersonates a real one (for example, using  to impersonate ).
4.  Free email account abuse: Using free email accounts (Yahoo, Gmail, etc.) that pass SPF, DKIM, and DMARC checks. The From header will show a legitimate sender address with an executive’ .
The four variants of attacks described above are shown in Figure 1 in the mailbox; the variants are listed in the same order described, along with a legitimate healthcare mailer. Each fraud lists an executive’s name in the From field. Figure 2 shows the details of an attack similar to the first variant in Figure 1.
Our goal at Cisco is to block any spoofs in these categories but allow legitimate mailers, like the one sending the healthcare notice, to be delivered. Legitimate mailers are also called “legitimate spoofs” in this white paper.
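As an added example (not code from the Cisco paper or from the appliance itself), the triage classifier below maps one inbound message to the four variants above by comparing the SMTP Envelope From with the From header. alpha.com is the paper’s example domain; the executive display name, the free-mail provider list, the lookalike heuristic and the sample messages are constructed assumptions, and legitimate spoofs would still need a separate allow list.

```python
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAIN = "alpha.com"  # the spoofed customer domain used in this paper
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com"}  # free providers the paper names
EXECUTIVE_NAMES = {"alan smith"}  # constructed: executive display names to protect

def domain_of(address):
    """Lower-cased domain part of an RFC 5322 address ('' if none)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalike labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_cousin_domain(domain):
    """Crude lookalike test on the first label: contains it, or one edit away."""
    if not domain or domain == PROTECTED_DOMAIN:
        return False
    target, label = PROTECTED_DOMAIN.split(".")[0], domain.split(".")[0]
    return target in label or edit_distance(label, target) <= 1

def classify(envelope_from, raw_message):
    """Map one message to the paper's four variants; envelope_from is the SMTP MAIL FROM."""
    msg = message_from_string(raw_message)
    display_name, header_addr = parseaddr(msg.get("From", ""))
    header_domain = header_addr.rpartition("@")[2].lower()
    if domain_of(envelope_from) == PROTECTED_DOMAIN:
        return "envelope-from-abuse"  # variant 1
    if header_domain == PROTECTED_DOMAIN:
        return "from-header-abuse"  # variant 2
    if is_cousin_domain(header_domain):
        return "cousin-domain-abuse"  # variant 3
    if header_domain in FREE_MAIL_DOMAINS and display_name.strip().lower() in EXECUTIVE_NAMES:
        return "free-email-account-abuse"  # variant 4
    return "not-spoof"

# Constructed samples: one per variant plus the legitimate healthcare mailer.
SAMPLES = [
    ("alan@alpha.com", "From: Alan Smith <alan@alpha.com>\n\nPlease wire funds."),
    ("news@esp.example.net", "From: Alan Smith <alan@alpha.com>\n\nPlease wire funds."),
    ("alan@a1pha.com", "From: Alan Smith <alan@a1pha.com>\n\nPlease wire funds."),
    ("alansmith@gmail.com", "From: Alan Smith <alansmith@gmail.com>\n\nPlease wire funds."),
    ("notice@healthplan.example", "From: Health Plan <notice@healthplan.example>\n\nYour EOB."),
]
```

Running `[classify(e, m) for e, m in SAMPLES]` labels the five messages in the order of the paper’s list, with the healthcare notice coming back as `not-spoof`.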
Figure 1.    Forged Mail Attacks on Mailbox alan@alpha.com
[Figure: mailbox view showing the four forged messages, labelled Envelope From Abuse, From Header Abuse, Cousin Domain Abuse and Free Email Account Abuse]