grnow

tracking accountability for scam email involving money

A user A said her client received an email from her (the From email address shows up as A's email address) requesting payment. The client made the payment without checking with A.
The client is using Gmail.
Is there any way that user A can prove that the email was not sent from her, and was likely a spam email that the client received?
How can the client check on her side whether the email she received was a spam email?

8/22/2022 - Mon
ste5an

Q1:
A must use a properly set up e-mail system. This includes CAA, SPF, DKIM, DMARC and digitally signed e-mails.
It can only be proven when you use such a system, which is also regularly audited.

Q2:
You need to set up a process with all involved clients, which includes verification of payment requests using a separate communication channel, most likely a method of verifying invoices and made payments. It especially includes documented material of how A does its invoice and payment processing and communications.


btw, such e-mail is not spam, it's called spear phishing.
grnow

ASKER
Under cPanel Track Delivery there is a log for this particular email; the sender IP is shown as 127.0.0.1, not the ISP IP address. The email was not sent specifically from A, as it does not show up in the Outlook Sent Items folder. I read on other sites that this means cPanel is sending the spam itself?
ste5an

This information is not reliable without the mentioned security measures.
David Johnson, CD

You can't prove a negative. It is up to the recipient to prove that the email was legitimate, i.e. they received an email from accounting@t0ta1supp1y.com but they thought it was from accounting@totalsupply.com, or the link to pay was http://t0ta1supp1y.com with a pay now button. Again, it is up to the user to verify that (a) the email is legit and (b) any payment is sent to the correct party.
David Favor

1) A user A said her client received an email from her (the From email address shows up as A's email address) requesting payment. The client made the payment without checking with A.
The client is using Gmail.
Is there any way that user A can prove that the email was not sent from her, and was likely a spam email that the client received?

Yes. This is done using SPF.

In other words, if you own example.com then you'll set up an SPF record designating all IPs which can send email on behalf of example.com, and anyone sending from any other IP can then be blocked, so this "forged mail" will be blocked by all Mailbox Providers, so it is blocked before it's ever accepted anywhere.

2) How can the client check on her side whether the email she received was a spam email?

Simple.

If you get a message from a domain foo.com to take some action, never click an email link.

If you don't have a foo.com account, the message is spam.

If you do have a foo.com account, visit the site directly (no email clicking), to take any required action.
grnow

ASKER
Sorry for the late reply. The email service provider provided some logs, and they show that the user's email was compromised. Apparently the email was sent from an IP in Africa using webmail. If SPF was set up, this situation shouldn't have happened? The email service provider said SPF is already enabled.
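
Added example, not part of the thread and not written by any poster: one way the recipient can check a message is to read the `Authentication-Results` header that the receiving provider stamps on it (visible in Gmail under "Show original") and compare it with the visible From domain. The three messages, the `.example` domains, the `mx.example.net` receiver name and the verdict labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def auth_verdict(raw_message, expected_domain):
    """Classify one received message from its From and Authentication-Results headers."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # get() returns the topmost header, the one stamped by the receiving
    # provider; copies further down may have been supplied by the sender.
    ar = " ".join((msg.get("Authentication-Results") or "").split())
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{method}=(\w+)", ar)
        results[method] = found.group(1).lower() if found else "none"
    if from_domain != expected_domain.lower():
        verdict = "other-domain"     # look-alike or unrelated sender domain
    elif results["dmarc"] == "pass":
        # Sent through the domain's own mail system. This says nothing about
        # who was logged in, so a compromised mailbox also lands here.
        verdict = "sent-via-domain"
    elif results["dmarc"] == "fail" or "pass" not in (results["spf"], results["dkim"]):
        verdict = "forged-from"      # From shows the domain, authentication does not
    else:
        verdict = "unverified"
    return verdict, results

def _sample(from_addr, auth_results):
    """Build a constructed message; 'mx.example.net' stands in for the receiver."""
    return (f"Authentication-Results: mx.example.net; {auth_results}\n"
            f"From: {from_addr}\nSubject: Payment request\n\nPlease pay invoice 1001.\n")

# Constructed samples, one per situation raised in the thread.
SPOOFED = _sample("A <a@totalsupply.example>",
                  "spf=fail smtp.mailfrom=a@totalsupply.example; dkim=none; "
                  "dmarc=fail header.from=totalsupply.example")
LOOKALIKE = _sample("A <a@t0ta1supp1y.example>",
                    "spf=pass smtp.mailfrom=a@t0ta1supp1y.example; "
                    "dkim=pass header.i=@t0ta1supp1y.example; "
                    "dmarc=pass header.from=t0ta1supp1y.example")
COMPROMISED = _sample("A <a@totalsupply.example>",
                      "spf=pass smtp.mailfrom=a@totalsupply.example; "
                      "dkim=pass header.i=@totalsupply.example; "
                      "dmarc=pass header.from=totalsupply.example")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("compromised", COMPROMISED)):
        print(name, auth_verdict(raw, "totalsupply.example"))
```

A message sent from a logged-in webmail session of the real account passes SPF, DKIM and DMARC, so the header check cannot separate it from genuine mail; only the separate-channel verification of payment requests does.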
ASKER CERTIFIED SOLUTION
David Johnson, CD
grnow

ASKER
thanks everyone for your replies