TWiki> Main Web>Computing>Mail>RealEmail (2010-02-23, WilliamSeligman) EditAttach

Is the message real?

The spammers are becoming more sophisticated in how they craft fake e-mail messages. Here are some tips to judge whether a e-mail message, especially one that involves system administration, is legitimate

  • System-administration messages from Columbia CUIT or Nevis will be sent from an e-mail address ending in .columbia.edu.

    For example, in a recent fake message, the (faked) From address ended in .state.md.us (the Maryland state government).

  • The names in any "From" e-mail address and in any signatures will match.

    For example, in the recent fake message, the faked From name was Carl Reaves, but the faked signature was Susan Townsend.

  • The message will be sent to you directly, or to a Columbia-related mailing list whose address ends in .columbia.edu.

    For example, the only "To" address in the recent fake message was info@notice.com.

  • In any e-mail message, do not click on a link unless you are certain of its source. In any system administration message from Columbia CUIT or me, such a link will end in .columbia.edu.

    For example, the link in the recent fake message ended in .9hz.com. Notice how this does not agree with any other address in the message.

  • Neither Columbia CUIT nor Nevis will ever ask you for your password to be sent via e-mail. Any message that does so is fake, no matter how realistic it seems.

  • If a mail message comes from a source that you do not recognize, do not click on any links in the message.

  • If a mail message asks you to download an attachment, that attachment may contain a computer virus. Look over such messages carefully; were they sent to you directly, from a source you recognize?

    For example, I receive many fake messages that claim to be from Fedex that contain attachments. Such messages are never sent from fedex.com.

  • Advanced trick: A message sent from WilliamSeligman will have a digital signature attached. The indicator for a digital signature varies between mail readers; for example, in Thunderbird it's a small icon of an envelope with a red dot in the center. Clicking on this icon will verify that the message was sent by WilliamSeligman. (I pay $20/year for the privilege of having a digital certificate, so please feel free to use it to check the validity of my e-mails.)

Our mail server contains anti-virus and anti-spam filters, but they are not perfect. Please be careful.

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2010-02-23 - WilliamSeligman
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback