For this discussion posting, I’m asking you to research and present on the structure of email headers, X-headers, forward headers, and how these fields could be used to identify

1) a spearphishing attempt and the attacker’s IP address

2) how these are used by SPAMers and identified by SPAM filters.

What other open source information could you use to “enrich” this data to create cyber threat intelligence? What is “dig” or “nslookup” and how could they be used in conjunction with this information to help identify who might be responsible for the spearphish and what other information can you derive based on link analysis?

——————————————————-

Write a response of 100 words for this paragraph:

Email Headers:

The email header is basically a code snippet which contains information about the sender, recipient, and email’s path to reach the inbox. It also includes some authentication details.

X-Headers:

X-header is an email header that are part of the email other than the standard email headers e.g. To, From, and Subject etc. The main purpose of X-headers addition to the email id for authentication results and spam filter information.

Forward headers:

The Forwarded header contains information from the reverse proxy servers that is altered or lost when a proxy is involved in the path of the request.

X header shows all the information that can be useful in flagging email as spam or malicious. For example, it shows sender email address, IP address, location, and ISP. The information provided by X-headers can used to block future emails from malicious user and it can be used determine the integrity of the email.

Response/Comment: