Introduction
Did you ever got a mail from yourself, but you’re sure you did not send it?
This week I got that mail from a mail alias I’m using, so it’s actually not a native mailbox, but a mail forwarder address, which makes the claim that “the mailbox is hacked” pretty silly…
But if you got this message from a native mailbox, it does sound scary, isn’t it?
I already had some similar symptoms on other mail addresses in the same domain.
Symptoms
You get a mail from your own mail address… which is called mail spoofing.
And it looks like:
Spoofed mail message content
Hi!
As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.I also have access to all your contacts and all your correspondence.
Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.If you want to prevent this,
transfer the amount of $778 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.If I find that you have shared this message with someone else, the video will be immediately distributed.
Best regards!
Root cause
The DNS setting of your domain is missing SPF records, that counter mail spoofing (an unauthorized mail server, user or hacker sending mail as “you”)…
Troubleshooting
When looking at the mail properties it’s pretty difficult (if not impossible) to find out who actually has sent the mail….
Solution
Basic domain settings
Add an SPF record to your domain DNS settings.
To get started, look up your mail provider or hosting provider’s name + SFP.
FYI, I’m hosting my domains at one.com, they’ve got some straight forward advise to configure the DNS. For any other domain, at any other provider it’s similar.
Office 365
When you buy a domain, but host your mail on O365, there are some additional settings to configure. But Office 365 will explain.
The easy part, logon to your O365 tenant, and check your domain health (see video below)
For more info, check these documents:
-
Set up SPF in Office 365 to help prevent spoofing | Microsoft Docs
- How Office 365 uses Sender Policy Framework (SPF) to prevent spoofing
- Office 365: Using SPF, DKIM and DMARC for Secure Messaging
References
SPF tooling
Other security options
See also
Hotmail/Outlook.com Solving Mass Mailing Delivery Issues
Short URL: Http://aka.ms/outlook.com/help
- Sender ID Framework SPF Record Wizard: https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard
- Sender ID: “Implementation Tips for the Sender ID Framework—Creating Your SPF Record”: http://www.microsoft.com/en-us/download/details.aspx?id=5546
While SPF is the first step, you should also consider DMARC and DKIM.
