2

Email Flow and Header Analysis

Email threats are increasing, and attackers use spoofing techniques to impersonate known legitimate domains. SOC analysts therefore need to understand the email message flow and the email authentication process, and to analyze email headers to collect additional artifacts and investigate potential spoofing attempts.

The objective of this chapter is to learn about the email message flow and understand email authentication protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting, and Conformance (DMARC) and how they work. You will also learn how to analyze an email’s message header and observe any spoofing attempts ...
