Tag: spam

Did I spam myself?

A client writes:

I just received an email from myself with a fraudulent QR code containing a link that’s clearly a scam. But it looks like it actually came from my email, and other people are listed as recipients. What should I do?

Sadly, it’s not difficult to make email appear on the surface as being from any given address. Harder to make that more than surface-level, requiring a true hacking of an account. Since you and I have worked together, we have pretty well covered the bases to set the chance of that happening to you dang close to zero.

In other words, and to answer the question of what you should do now: Ignore it, stay vigilant, and keep using those strong passwords and two-factor authentication, preferably with a password manager. (I got a blog post about those, and the TL;DR there is that, for iPhone users, Apple Passwords is free, and great even if you have a PC. And 1Password [affiliate link] is fantastic if you want something more robust.)

All that said, to get more forensic about it, you can look at the source code of the original. In Apple Mail on the Mac, go to View menu > Message > Raw Source.

I know it looks like the matrix, and I don’t pretend to read it like prose myself. But see below for an example of part of the source code from a legitimate message, one of the sections you can look for where you can see your domain and terms like “dkim” and “dmarc” matched with “pass”, which indicates my email service (Google) asking your email service (also Google), “Hey, is this legit from yourdomain.com like it purports to be?” and getting a couple different “Yes”’s in response.

ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=yourdomain.com header.s=google header.b=Ssjl9RVC;
spf=pass (google.com: domain of xxx@yourdomain.com designates
209.85.220.41 as permitted sender) smtp.mailfrom=xxx@yourdomain.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yourdomain.com;
dara=pass header.i=@mydomain.com

If you look in there and something doesn’t pass a sniff test, let me know!

Junk Mail mode in Apple Mail

I lost my junk mail icon – how do I get it back to teach my inbox what is junk?

Mail menu > Preferences > Junk Mail

Set it to automatically Move it to the Junk mailbox, as opposed to what used to be called Training mode, which is now, in Leopard the Mark it as junk mail, but leave it in my Inbox setting.

But before you do, I would suggest leaving it in Training mode for a bit, and clicking the Junk/Not Junk button. In fact, one will initially need to train Apple Mail to recognize legit mail — newsletters and such — by clicking Not Junk.

I’ve always said a month, but that’s an arbitrary guess on my part, and is contingent on someone being vigilant about clicking the Junk/Not Junk button. Stay in Training mode until you are confident that it’s catching junk mail correctly by marking junk mail brown, and leaving non-junk along.

Make sure that you add any trusted correspondents to your address book (Message menu > Add Sender to Address Book (⌘⇧Y)) to prevent them from being mis-identified as spam.

Gmail, if you use it, and you should be using it, will catch most of the spam most of the time, but that’s how you deal with the rest.