undefined | Better HN

0 pointsthrowawwey1y ago0 comments

This isn't really related to the parent comment, but I can't help myself from asking. I've been getting emails that look like they're from my own email address. They usually threaten to share my browser history unless I pay money. Has anyone else seen these kinds of scam emails? How can I stop them? I use two-factor authentication, so my account should be safe, but these emails still worry me. Any tips would be great!

0 comments

TonyTrapp1y ago

If you are in control of the domain of your email address, enable SPF and DKIM for that domain, together with strict policies that mail servers should reject spoofed mails claiming to come from that domain. If your own mail server supports validating SPF and DKIM, you would no longer receive such forged mails, nor anyone else behind a mail server supporting SPF and DKIM.

If you aren't in control... just ignore it like any other spam mail.

Avamander1y ago

The thing that enforces the existence of either SPF or DKIM is called DMARC, setting that to "reject" or "quarantine" is the most critical step for preventing forgeries like that.

kiliankoe1y ago

E-Mail allows setting the From header to whatever you want. These mails won't have valid DKIM or SPF data because they're not sent through your mail server. There's nothing to worry about, it's just spam, your account isn't compromised (unless of course it is, and they're sending it through yours, but they likely wouldn't try to scam you like that then). Just one of the quirks of e-mail we have to live with.

radicality1y ago

Huh, interesting, I just saw something like that in my spam filter for my own domain. It looked like some kind of an email forward from onmicrosoft.com, with the original email spoofed from my own domain with an email that doesn’t even exist on my domain.

Technetium1y ago

Do not click the links or allow images to load, and you will remain safe. View the full raw email and look at the headers. Search who is registered for the domain in question. Contact their hosting provider.

j / k navigate · click thread line to collapse