On 4/30/2012 2:19 PM, Jacob Beauregard wrote:
> On 04/30/2012 01:34 PM, J. Greg Mackinnon wrote:
>> There are lots of online resource available to help you identify a
>> phish. Google around a bit. A good starting point might be:
>> On this page, ebay support explains how to spot a fake email message
>> from ebay. Much of what is covered here also applies to
>> communications from UVM support staff.
> Tangentially related, is there a way to tell whether an email from a
> UVM address (presumably to another UVM address) was authenticated via
> username/password? I'm thinking to verify, that the first "Received"
> header would be smtp#.uvm.edu, and specify SSL/TLS. However, I don't
> know whether there's a specific indicator in the headers, which would
> be useful.
Our email admins would have more authoritative info, but my
understanding is that all email headers can be forged, so there would be
no conclusive way to prove that a message was "authentic" from mail
headers alone. Mail signatures might be useful here, or they may just
confuse everyone to death. Hard to tell.