Nowadays, a lot of malware writers are attempting to use social engineering to dupe people into performing a task that will allow their malware to run. How do you tell the difference between malware and legitimate email?
In order to check if an email is authentic, we need to look at the information contained in the email header.
If you’re using Gmail:
- Open an email.
- Below the sender’s name, click the Down arrow.
- The message is authenticated if you see:
  - “Mailed by” header with the domain name, like google.com.
  - “Signed by” header with the sending domain.
If you’re checking your email on another email client, you can check the message headers.
- Open an email message.
- Find the “Authentication-Results” header.
- If the message was authenticated by SPF/DKIM, you’ll see “spf=pass” or “dkim=pass.”
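
The header check above can be automated. The following Python is an added example, not part of the original article: it reads the “Authentication-Results” headers of a raw message and reports the SPF/DKIM results. It goes one step further than the steps above by trusting only headers stamped by your own receiving server, because a sender can include a look-alike header of their own; the server name `mx.example.net` and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message (not real mail). The second header imitates one
# that the sender added before delivery; it must not be trusted.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass (sender IP is permitted) smtp.mailfrom=news.example.com;
 dkim=pass header.d=example.com header.s=sel1
Authentication-Results: mx.sender.invalid; spf=pass; dkim=pass
From: News <news@example.com>
Subject: Hello

body
"""

COMMENT_RE = re.compile(r"\([^()]*\)")            # "(...)" comments in the header
RESULT_RE = re.compile(r"\s*(spf|dkim)\s*=\s*([a-z]+)", re.I)

def auth_results(raw, trusted_authserv_id):
    """Collect spf/dkim results from headers added by the trusted server only."""
    msg = message_from_string(raw, policy=default)
    found = {"spf": [], "dkim": []}
    for header in msg.get_all("Authentication-Results", []):
        value = COMMENT_RE.sub("", " ".join(str(header).split()))
        authserv_id, _, rest = value.partition(";")
        parts = authserv_id.split()               # id may be followed by a version
        if not parts or parts[0].lower() != trusted_authserv_id.lower():
            continue                              # stamped by someone else: ignore
        for resinfo in rest.split(";"):           # one "method=result ..." per part
            m = RESULT_RE.match(resinfo)
            if m:
                found[m.group(1).lower()].append(m.group(2).lower())
    return found

def is_authenticated(raw, trusted_authserv_id):
    """True if the trusted server recorded spf=pass or dkim=pass."""
    results = auth_results(raw, trusted_authserv_id)
    return "pass" in results["spf"] or "pass" in results["dkim"]

if __name__ == "__main__":
    print(auth_results(SAMPLE, "mx.example.net"))
    print(is_authenticated(SAMPLE, "mx.example.net"))
```

Replace `mx.example.net` with the name your own mail server writes at the start of the “Authentication-Results” header.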