SMTP server at spectrum says this is not their mail but TBird thinks it came from there. How?
Can I forward this mail piece and have your sleuths look at it to see if Spectrum Security is correct and it is a spoof that fools TBird?
All Replies (3)
Checking that a mail comes from a given *domain* is provided by an add-on (DKIM Verifier); I have never tested it. If the domain does not provide DKIM, there is no way to say for sure if a mail comes from a domain. Take a look at the mail headers to see if you find a DKIM-Signature field. If yes, the add-on should be able to verify this field and say if the mail is genuine. If not, there is no point in installing the add-on (at least for this site).
There is no "DKIM" in the header. There is another suspicious email address in the header found like this:
Subject Y-5577594 From: Cooler <email@example.com> To: firstname.lastname@example.org
This email@example.com is the "To" address that Tbird displays in my e-mail "To:" position for incoming mail. But, of course, I am not "firstname.lastname@example.org". I am "email@example.com".
If there is no DKIM header, it means that the mail is not signed with the domain key. In this case everything can be faked: the Subject, the From: and To: fields. There are 2 very different kinds of 'to': the 'to' passed to the mail server to distribute the mail (it has to be correct, else the mail is returned), and the 'to' included in the mail source (what is distributed by the receiving mail server). The last 'to' can be anything that the sender wants. Such antics are not usually done with a standard mail client such as Thunderbird, of course.
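The two header checks discussed in the replies above (is there a DKIM-Signature field for the From: domain, and does the To: header match the address the server actually delivered to), as an added example that is not part of the original thread. The message, the addresses and the `triage` helper are constructed for illustration; the code only inspects headers and does not verify a signature cryptographically.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample. The envelope recipient (SMTP RCPT TO) is what the
# receiving server delivered to; the To: header is free text from the sender.
ENVELOPE_RCPT = "me@example.net"
RAW = """\
Return-Path: <bounce@mailer.example>
Delivered-To: me@example.net
From: Cooler <promo@isp.example>
To: someone.else@example.org
Subject: Y-5577594

body
"""

def domain(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def triage(raw, envelope_rcpt):
    """Report which header claims are backed by anything (presence only)."""
    msg = message_from_string(raw)
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    header_to = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    sig_domains = [dkim_tags(v).get("d", "").lower()
                   for v in msg.get_all("DKIM-Signature", [])]
    return {
        "from_domain": from_dom,
        "dkim_present": bool(sig_domains),
        # A signature only vouches for From: if its d= domain covers it.
        "dkim_aligned": any(d and (from_dom == d or from_dom.endswith("." + d))
                            for d in sig_domains),
        # False means the displayed To: is not the address it was delivered to.
        "to_matches_envelope": envelope_rcpt.lower() in header_to,
    }

if __name__ == "__main__":
    print(triage(RAW, ENVELOPE_RCPT))
```

A result with `dkim_present` false means the From: domain is unauthenticated by DKIM, which matches the situation described in the thread; a present and aligned signature still has to be verified by a tool such as the add-on mentioned above.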