IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [email]

Related to email protocols, clients, servers, content, and message format.

1793 questions
151
votes
8 answers

How can PayPal spoof emails so easily to say it comes from someone else?

When I receive a payment in PayPal, it sends me an email about it (pictured below). The problem is that the email is shown to be coming from the money sender's email address and not from PayPal itself, even though the real sender is PayPal. Here is…
Sunny88
  • 1,629
  • 2
  • 11
  • 6
132
votes
4 answers

What are the security reasons for disallowing the plus sign in email addresses?

My question is based on this tweet after I commented about forbidding + symbols in email addresses. The tweet says, "This is a measure we've taken for security reasons." This can be frustrating and inconvenient for people that have (or use) plus…
Matt
  • 3,242
  • 2
  • 22
  • 27
38
votes
12 answers

How can I prove that a certain email was not sent to my account?

Someone is claiming to have sent me an email to my Hotmail account. I never received this email. They have forged an Outlook email showing the date and time that it was sent. How can I prove that their claim is forged?
Farzin Tabatabai
  • 405
  • 1
  • 4
  • 3
35
votes
2 answers

Is email less secure than voicemail, snail mail, or internet portals for transferring sensitive information?

Where I am in the US, health care providers refuse to send anything through email (e.g. even something as trivial as an appointment reminder). Often they claim that email is not secure. Instead they will send me information (e.g. appointment…
user55743
35
votes
5 answers

Can I prove that I did not receive an email?

A company are saying they sent an email to me. I have gone through all of my inbox, junk, and deleted files and the email still doesn’t exist. They have asked me to prove the email never got to me by asking my email provider to send over log details…
Mark
  • 351
  • 1
  • 3
  • 3
31
votes
3 answers

How can people send me spam emails from the future?

Is this an exploit of the email system of some sort? I receive a great deal of spam every day, and my accounts in Yahoo and Gmail sometimes show me spam emails from the future. Yes, the future. Sometimes it will give me a day ahead when they…
yuritsuki
  • 538
  • 1
  • 5
  • 10
29
votes
3 answers

Is it bad to only sign some of a domain's emails with DKIM?

Is it OK if I sign a subset of domain emails, or is this an all-or-nothing game? We use Amazon's Simple-Email-Service for sending e-commerce emails. We would like to sign these with DKIM. This same domain is also used for all email addresses for the…
Brian Webster
  • 293
  • 1
  • 3
  • 11
27
votes
6 answers

Why would someone want to block images in email?

While there is the possibility that this is just to prevent people from viewing offensive images against their will, somehow I don't think that's the reason why pretty much every email client defaults to making the user white list every single email…
EpsilonVector
  • 373
  • 1
  • 3
  • 6
26
votes
3 answers

Can I Retrieve Email Addresses from BCC?

How can I unmask the e-mail addresses in a Bcc field when I am just a recipient? Need very simple, step-by-step instructions for someone who doesn't code. I have received a group e-mail and would really like to see the others who got it.
Jenny B
  • 289
  • 1
  • 3
  • 4
25
votes
5 answers

Are web scrapers fooled by obscured emails anymore?

It's a common practice online that instead of writing your email as someone@example.com people will instead write it as someone AT example.com in an attempt to make it harder for web scrapers to find your email address on a web site. Is this even…
DLeh
  • 359
  • 3
  • 6
24
votes
4 answers

Why is it even possible to forge sender header in e-mail?

With so many popular e-mail providers forcing users to log on using their SMTP servers, why is it still possible to forge "From: " header in e-mails? What prevents users from simply discarding the e-mails in which the source domain of the sender…
d33tah
  • 6,544
  • 8
  • 40
  • 61
21
votes
5 answers

What are the supposed security benefits of a "dead-drop" email strategy?

This was in the news recently. Here's what they were said to have been doing: Petraeus and Broadwell apparently used a trick, known to terrorists and teenagers alike, to conceal their email traffic, one of the law enforcement officials said. Rather…
Jeff Atwood
  • 4,564
  • 6
  • 27
  • 29
20
votes
4 answers

What type of content better not to transfer by email?

Email is one of the main tools of business communication. On the other hand, it is not a secure way of communication. But to what extent it is not secure? I have always wondered how sensible it is to use email, for example, for sending: e-tickets…
rem
  • 2,127
  • 2
  • 19
  • 28
16
votes
6 answers

Email headers from messages sent via Gmail online client contain private IP addresses. What are these addresses?

Someone has sent a sensitive email from my Gmail account. I wanted to trace the IP address by checking out the Received: by X field in the header of the sent message. However, every message that is sent from Gmail and that I check the header from…
codd
  • 263
  • 1
  • 2
  • 5
15
votes
2 answers

Best practices for email security

I writing a security layer for my app and I would like your input on updating users' email addresses (also used for the login). I'm interested to hear from anyone who has written an application with similar requirements. How would you go about it?…
Mohamad
  • 477
  • 1
  • 6
  • 11
1
2 3
12 13