Skip to main content
Information Security

Questions tagged [email]

Ask Question

Related to email protocols, clients, servers, content, and message format.

1,828 questions
Newest Active Bountied Unanswered
2 votes
2 answers
82 views

Why would an email include a large number of consecutive Combining Grapheme Joiner (CGJ) characters?

I recently received an email that shows a summary/snippet in my inbox, which is not visible when opening the email. I checked the source and found that the suspect text is wrapped in a zero-height ...
James B's user avatar
James B
  • 161
1 vote
0 answers
2k views

What to do after a fraudulent online account was created with my email address and passed email verification? [closed]

Someone opened an Electronic Arts (EA) gaming account with my email address, and was able to pass email verification. I noticed this due to the unexpected email traffic related to welcome and address ...
buh321's user avatar
buh321
  • 11
20 votes
1 answer
4k views

Risks of using an email address that had belonged to someone else

I signed up for a free email address that I haven't used for anything critical, but after getting "pwned" in a data breach, I noticed, courtesy of haveibeenpwned, that the address had ...
fedorafan's user avatar
fedorafan
  • 303
1 vote
1 answer
67 views

Temporal associations of spam after emails to new addresses - how and what is leaked? [closed]

Sometimes when I send emails to new addresses, in relatively short periods of time I start to receive new kinds of spam. This pattern makes me to think that the spammers can somehow get my email ...
Imsa's user avatar
Imsa
  • 111
0 votes
1 answer
165 views

For e-mails without TLS connection, where is the connection not encrypted?

I am working on securing e-mails, and I have encountered opportunistic TLS. I have this issue where a server I am sending e-mails to is configured to not accept anything lower than TLSv1.3. However, ...
Bun's user avatar
Bun
  • 3
0 votes
2 answers
154 views

Hashed email addresses in database and plain text emails in JWT

I was just wondering what the downsides of the following approach would be: The email address I store is hashed (with a pepper that is db wide). This should (in my theory) better protect users in case ...
Trichter's user avatar
Trichter
  • 103
4 votes
0 answers
177 views

What are the drawbacks of a 4-digits OTP email verification & authentication system?

I'm trying to implement an email verification system (and also authentication system). I've decided against magic links as, even though they can be more secure, the user has a 50% change to begin the ...
sh03's user avatar
sh03
  • 183
5 votes
2 answers
1k views

Gmail's DMARC policy

I'm trying to understand how large email providers handle their DMARC records. I've taken a look at Gmail, and I'm a bit confused as to why they don't have a policy set for the main domain (p=none). ...
Hysii's user avatar
Hysii
  • 249
3 votes
2 answers
592 views

What use is SPF for email security in a cloud / SAAS world

I've just set up sending emails from my domain with Google workspace, and have just learned about SPF, DKIM, and DMARC. I'm wondering, what use is SPF in the modern internet. Probably half the ...
Jesse Rizzo's user avatar
Jesse Rizzo
  • 41
0 votes
0 answers
420 views

Receiving verification emails for sites I did not sign up to [duplicate]

I went to check my email and I noticed that I was flooded with emails from different companies that I never heard of before asking for email verification. I checked on my google account and from the ...
Kono M's user avatar
Kono M
  • 1
1 vote
1 answer
151 views

Using "send as" feature with gmail from custom domain not hosted by Google fails SPF and DKIM

I have my personal email address set as a "send as" option on gmail. Let's call it [email protected]. I don't use Google for any services relating to mydomain.com, so I don't have an admin ...
Adam J. Kessel's user avatar
Adam J. Kessel
  • 11
0 votes
0 answers
104 views

2FA and «Sign in from new location» email

If a user configures 2FA, and then he logs in from a new location, should we send an email to inform him that he just signed in from a new location? Even if it's not common, unnecessary notifications ...
Philip Zwei's user avatar
Philip Zwei
  • 11
2 votes
1 answer
294 views

Is there a way to "hijack" outgoing email just by just account access?

It's not that explicit of a question, so let me give you some details about a client of mine who happens to be scammed. An important email arrived with altered content (account numbers) from my client ...
p1100i's user avatar
p1100i
  • 123
1 vote
1 answer
159 views

MIME Boundary field meaning & decoding in email header(mail.com web client)

As we know some important information can be found in MIME Boundary field in email headers. Such as the one described in this interesting link (Dates in Hiding Part 2 — Gmail MIME Boundary Timestamps) ...
user1973744's user avatar
user1973744
  • 31
1 vote
0 answers
402 views

What is the meaning and method of decoding the "X-UI-Sender-Class" in email header? [closed]

In an email forensic study, I want to know the meaning of the field "X-UI-Sender-Class" in email header and how can we decode this information. Note: the email is sent from mail.com Email ...
user1973744's user avatar
user1973744
  • 31

15 30 50 per page
1
2 3 4 5
122