An organization suspects it is receiving spoofed e-mails from a foreign-hosted web e-mail service. Where can the MOST relevant information be found to begin the process of identifying the perpetrator?
A. E-mail logs from foreign-hosted web server
B. Message header of received e-mails
C. Traffic logs from the corporate firewall
D. Log files of the corporate Simple Mail Transfer Protocol (SMTP) server
Email headers can sometimes have a lot of information in them, quite easily accessible.
That's also why, when forwarding a suspicious email to the relevant security service, the email must not be just forwarded, but rather joined as an attachment, so as to preserve the headers in it.
Answer B is right: The most relevant place to begin the process of identifying the perpetrator would be to analyze the email headers. Email headers contain detailed information about the sender, including the IP address of the originating server. This information can be used to trace the source of the email and determine whether it is indeed being spoofed.
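The header analysis discussed in the comments above, as an added example that is not part of the original page or any commenter's post: it walks the `Received` chain of a message saved as an attachment, separates the hop recorded by the organization's own mail server from older, sender-controlled hops, and compares the visible `From` domain with the envelope sender. The message, host names, addresses and the `analyze` helper are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not from the page; hosts and addresses are placeholders.
SAMPLE_EML = """\
Received: from mx.corp.example (mx.corp.example [10.0.0.5])
    by mailstore.corp.example with ESMTP id A1; Tue, 02 Jan 2024 10:00:05 +0000
Received: from out.webmail.example (out.webmail.example [198.51.100.23])
    by mx.corp.example with ESMTPS id B2; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [203.0.113.77] by web.webmail.example via HTTP;
    Tue, 02 Jan 2024 10:00:01 +0000
From: "CEO" <ceo@corp.example>
Return-Path: <someone@webmail.example>
Subject: Urgent wire transfer

Please process today.
"""
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, own_domain):
    msg = message_from_string(raw)
    handoff, claimed, trusted = None, None, True
    for value in msg.get_all("Received", []):      # newest hop first
        text = " ".join(value.split())             # unfold continuation lines
        ip_m, by_m = IP_RE.search(text), BY_RE.search(text)
        host = by_m.group(1).lower() if by_m else ""
        # Only lines stamped by our own servers are trustworthy; once a
        # foreign "by" host appears, everything older is sender-controlled.
        trusted = trusted and (host == own_domain or host.endswith("." + own_domain))
        if not ip_m:
            continue
        try:
            ip = ipaddress.ip_address(ip_m.group(1))
        except ValueError:
            continue
        if trusted and not any(ip in net for net in RFC1918):
            handoff = str(ip)                      # external IP seen by our edge
        claimed = str(ip)                          # oldest hop, unverified
    return {"handoff_ip": handoff, "claimed_origin_ip": claimed,
            "from_domain": domain(msg["From"]),
            "envelope_domain": domain(msg["Return-Path"]),
            "domain_mismatch": domain(msg["From"]) != domain(msg["Return-Path"])}

if __name__ == "__main__":
    print(analyze(SAMPLE_EML, "corp.example"))
```

The `handoff_ip` is the value the organization's own server observed; `claimed_origin_ip` is only a lead to confirm with the hosting provider, since hops below the trusted boundary can be written by the sender.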