pull down to refresh
21 sats \ 5 replies \ @DarthCoin 9h \ on: Suspected Alby Hub Attack bitcoin
Guy first check the email header.
Phishing means is faking the sender.
reply
Do not look at the sender email address. That is fake anyways and is how it tricks users.
Look at the header of the email message. In the header you can see the real email server that sent that message and its IP and all other technical details.
Usually in any email client, open the message and in properties you can see all the header info.
And if you want to compare it with what is the real getalby.com sender check it here
https://mxtoolbox.com/SuperTool.aspx?action=mx%3agetalby.com&run=toolpage#
Anyways strong DMARC, DKIM and SPF records must be implemented for any email domain you are running so most of email clients could reject phishing emails from the start.
reply
Same
reply
Situation is explained here: https://primal.net/e/nevent1qqswh5upmuma0h89vdnh7pnk6ap637xg0mtt0k32hwaxrxm98vuv28c3euur7
Your passwords are safe but you may get phishing emails that look like coming from Alby in the future, so be careful
reply
I was looking into getalby.com domain MX records using
https://mxtoolbox.com
(very good tool to configure properly your email server) and I found these rules used for anti-spam and anti-phishing rules:
DMARC actual
v=DMARC1; p=none; rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net
I would put a stronger DMARC with:
v=DMARC1;p=reject;sp=quarantine;pct=10;rua=mailto:b02f99b6d44a47f595397b4b8fc195fd@dmarc-reports.cloudflare.net;ri=86400;aspf=r;adkim=r;fo=1;
SPF
v=spf1 include:zoho.eu include:spf.ourmailsender.com include:spf.mandrillapp.com ~all
I would change ~all into -all
In this way, in case of a phishing attack, the recipients email servers can reject more easily those phishing (fake) emails.
reply