Well in this day of email spam increasing as well as content filtering increasing, most organizations are utilizing Sender ID to validate where your mail actually came from. It was with amazement when I received an email from Microsoft MCP Help, through Hotmail, that actually failed Sender ID authentication.
However, the key thing here is that if other domains fail Sender ID, they are immediately moved over to Hotmail's Junk Mail folder. You would think the same is applied to Microsoft? Hell no, that email sat nicely at the top of my Inbox. Here is a screen shot of the email with private content omitted.It appears that there might be a need for a couple anti spam appliances or two. Maybe those may help! Maybe the anti spam on the Exchange Server was acting up, who knows?
According to the link at the top of the email as per Microsoft:
Microsoft and other industry leaders champion Sender ID as an initiative that provides a technical solution to help counter spoofing. Spammers use spoofing as their primary deceptive practice.
E-mail domain spoofing involves forging a sender's address on e-mail messages. Malicious individuals use spoofing to mislead e-mail recipients into reading and responding to deceptive mail. These phony messages can jeopardize the online safety of the user, and can damage the reputation of the company which seemingly sent the e-mail message.
Spoofed e-mail often contains "phishing" scams. In these scams, a spammer, posing as a trusted party such as a bank or reputable online vendor, sends millions of e-mail messages directing recipients to websites that appear to be official, but which are really scams. Visitors to these fraudulent websites are asked to disclose personal information, such as credit card numbers, or to purchase counterfeit or pirated products.
Sender ID seeks to verify that every e-mail message originates from the Internet domain from which it claims it was sent. Sender ID checks the address of the server that sent the mail against a registered list of servers that the domain owner or e-mail recipient have allowed to send e-mail. The Internet service provider (ISP) or recipient's e-mail server automatically perform this comparison before the e-mail message is delivered. If the Sender ID verification passes, the message is delivered as regular mail.
If the check fails, the message is further analyzed and the receiving server may refuse to deliver the e-mail, or it may flag the e-mail as a possible deceptive message. Depending on the recipient's ISP or e-mail server software, messages that fail the Sender ID check may be flagged and sorted differently. For example, a simple icon may be displayed in the message to indicate the failure. Or the message may be sent to the junk mail folder for the recipient's review, or it may be automatically rejected and deleted.
There is no single solution to stopping all spam and online fraud. However, Sender ID is a significant first step that many in the industry support to counter spam and online phishing attacks.
We would think Microsoft would validate emails coming from it's organization correctly to at least adhere to Sender ID, that they claim they support. The question now is, should I trust that this email actually came from Microsoft and is it authoritative? You be the judge.
