Spam
Unsolicited bulk email often used for advertising or malware distribution. Represents 60–90% of global email traffic. Often contains malicious links or attachments.
Phishing
A social engineering attack that tricks users into revealing sensitive information. Passwords, financial data and other personal information are targeted.
Can be done through fake emails, websites or malicious attachments.
Spear Phishing
A targeted phishing attack aimed at specific individuals or organizations. Uses personalized and highly convincing messages. Often targets executives or employees.
Detection Signs
- Urgent requests for information
- Spelling errors
- Suspicious links
- Threatening messages
Security Practices
- Do not click suspicious links.
- Verify senders independently.
- Use antivirus software.
- Never share passwords through email.
Email Authentication Protocols
Mechanisms used to verify that an email sender is legitimate. Prevent email spoofing and reduce phishing attacks.
SPF
Short for Sender Policy Framework. A DNS record that lists which mail servers are authorized to send email on behalf of a domain. Works at the SMTP layer.
Checks whether the sending server’s IP is listed in the sending domain’s DNS. Fails if not. Checks the Return-Path address only, so it is blind to spoofing of the From header, which is the address users see.
DKIM
Short for DomainKeys Identified Mail. Adds a cryptographic signature to outgoing emails. Works at the message layer.
Email headers and body are signed using a private key before sending. Public key is published in DNS. Verifies the signature of received emails. If signature verification fails, the email was altered in transit or was not signed.
Does not verify that the signing server is authorized. A compromised private key can still produce valid signatures.
DMARC
Short for Domain-based Message Authentication, Reporting and Conformance. Builds on SPF and DKIM. Enforces alignment between the visible From domain and the domain verified by SPF or DKIM.
At least one of SPF or DKIM must pass and align. Both aligning is better.
- SPF alignment closes From spoofing.
- DKIM alignment closes it only if the private key is uncompromised. DKIM-only leaves the compromised key risk open.
When an email fails authentication, DMARC instructs the receiving server to apply one of three policies:
none
Take no action. Only collect reports.
quarantine
Deliver to spam/junk folder.
reject
Discard the email entirely.
Domain owners receive aggregate reports about authentication failures based on matching From domain.
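Added example (not part of the original notes): a minimal DMARC evaluation that combines the SPF and DKIM verdicts with alignment and then applies the domain's policy. The record, domains and function names are constructed for illustration. Alignment here is an exact domain match; DMARC's default relaxed mode also accepts domains that share the same organizational domain.

```python
from dataclasses import dataclass

# Constructed sample record; example.com is a placeholder domain.
SAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

@dataclass
class AuthResult:
    from_domain: str          # domain in the visible From header
    return_path_domain: str   # domain SPF checked (Return-Path)
    spf_pass: bool
    dkim_domain: str          # d= domain of the DKIM signature, "" if unsigned
    dkim_pass: bool

def parse_policy(record: str) -> str:
    """Return the p= tag of a DMARC TXT record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    # Simplification: an unusable record is treated as p=none.
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return "none"
    return policy

def aligned(domain: str, from_domain: str) -> bool:
    """Strict alignment: exact, case-insensitive match with the From domain."""
    return bool(domain) and domain.lower().rstrip(".") == from_domain.lower().rstrip(".")

def evaluate(msg: AuthResult, record: str) -> str:
    """Return "pass", or the policy to apply when DMARC fails."""
    spf_ok = msg.spf_pass and aligned(msg.return_path_domain, msg.from_domain)
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.from_domain)
    if spf_ok or dkim_ok:   # at least one must pass AND align
        return "pass"
    return parse_policy(record)

# Constructed case: SPF passes for the sender's own Return-Path domain,
# but the visible From claims example.com and nothing aligns.
SPOOFED = AuthResult("example.com", "bulk-mailer.example.net", True, "", False)
# Constructed case: forwarding broke SPF, the aligned DKIM signature survived.
FORWARDED = AuthResult("example.com", "forwarder.example.org", False, "example.com", True)

if __name__ == "__main__":
    print("spoofed:", evaluate(SPOOFED, SAMPLE_RECORD))
    print("forwarded:", evaluate(FORWARDED, SAMPLE_RECORD))
```

The spoofed case is the one SPF alone would accept, because SPF only looked at the Return-Path domain.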