Email: how did the email server know the phishing attempt was spam?
Self-tutoring about email security: the tutor mentions one way an email application knew to classify a phishing attempt as Junk.
The following is according to my understanding.
I mention in my post from January 16, 2026, a rather unsettling phishing attempt that reached an email account I use. It (falsely) claimed to be from Canada Post; from the images it would have loaded had I viewed it, one might imagine it would have looked pretty convincing.
The email server, however, knew the email wasn’t authentic. How? Looking in the headers, it seems the email arrived via a chain of several servers. The first one’s IP address is listed, then another, then another.
The email claims to be from Canada Post, though via a different domain; interestingly, that domain is also authentic. However, it seems the email didn’t come from that one, either. (For background, see my post from January 6, 2026, about spoofing.)
The email server looked at the originating domain and at the originating IP address, and could determine that said originating domain doesn’t permit sending emails from said originating IP address. It seems that is enough to convince the server – rightly so – that the email is spam.
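The check described above matches what SPF (Sender Policy Framework, RFC 7208) does; that identification is an assumption, since the post does not name the mechanism. The following is an added example, not taken from the post or from the email server in question: a minimal evaluator over constructed records for the hypothetical domains post.example and mailer.example, handling only the ip4, ip6, include and all mechanisms.

```python
import ipaddress

# Constructed TXT records (documentation domains and address ranges) standing in for DNS.
SPF_RECORDS = {
    "post.example": "v=spf1 ip4:192.0.2.0/24 include:mailer.example -all",
    "mailer.example": "v=spf1 ip4:198.51.100.16/28 ip6:2001:db8:25::/48 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip, records=SPF_RECORDS, depth=0):
    """SPF result for client_ip sending as domain (ip4/ip6/include/all only)."""
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # the domain publishes no SPF policy
    if depth > 10:                         # crude loop guard; the RFC caps total DNS lookups at 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:                 # mechanisms are evaluated left to right
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":                  # always matches; usually the final term
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name == "include":
            # include matches only if the nested policy evaluates to "pass"
            inner = check_spf(arg, client_ip, records, depth + 1)
            if inner == "pass":
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"             # a, mx, redirect=, ... need live DNS; not handled here
    return "neutral"                       # nothing matched and the record has no "all"

if __name__ == "__main__":
    for addr in ("192.0.2.55", "198.51.100.20", "203.0.113.9"):
        print(addr, check_spf("post.example", addr))
```

A receiving server runs this kind of check against the envelope sender domain and the IP address of the connecting server; a "fail" result corresponds to the situation in the post, where the domain's policy does not list the sending address.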
Source:
Jack of Oracle Tutoring by Jack and Diane, Campbell River, BC.