System Status
Buy Now
  • Email & Apps
  • Office 365
Login
  • MyRackspace Portal
  • Cloud Control Panel
  • Rackspace Webmail Login
  • Cloud Office Control Panel
  • Support Home
  • How-To
  • Developer Documentation
  •  Blogs 
    • Expert Insights Tech Blog
    • Rackspace Blog
    • Solve: Thought Leadership

Support Network

End-to-End Multicloud Solutions.   Solving Together.™   Learn more at Rackspace.com

How–To Home

Rackspace Email

  • Introduction
  • FAQ
  • All Articles

Identifying suspicious email

Last updated on:  2018-09-26

Authored by:  Ben Smith


This article describes how Rackspace Email Webmail identifies suspicious emails.

Prerequisites

  • Applies to: Administrator and User
  • Difficulty: Easy
  • Tools required: Webmail Access

Identify suspicious email

Suspicious email is a gray area between legitimate email and spam. Webmail employs Domain-based Message Authentication, Reporting, and Conformance (DMARC) indicators to determine if an email is suspicious. There are several other items you can see that indicate if an email is legitimate. These indicators are simple but are extremely valuable in determining the validity of a message.

Messages that are deemed suspicious show a yellow warning banner in Webmail’s preview pane. The intent of this banner is to encourage you to confirm the legitimacy of the sender and the contents of the message before clicking on any links, downloading any attachments, or replying.

Webmail clearly shows the display name and email address of the sender. Comparing the display name to the email address is a simple way to check for display name spoofing. Display name spoofing is when bad guys place a name that you recognize in the From address, such as the name of your manager, but the associated email address is not for that person. For example, Webmail shows you "From: John Doe <sally@notmycompanydomain.com>". Assuming John Doe is your manager’s name, <sally@notmycompanydomain.com> is definitely not your manager’s email address.

Webmail shows you if the domain of the sender does not match the domain used to send the message. The domain that sent the message is represented by the ‘sent from’ added to the sender’s address. In some cases, this situation is normal for sending services that are used for marketing and sales campaigns, newsletters, and similar email distributions. However, it can also be an indication of spoofing. Building on the previous example, if the same bad guy compromised a Gmail mailbox and is sending email pretending to be your manager, it appears in Webmail as "From: John Doe <john.doe@mycompany.com> sent from gmail.com". Assuming your manager never uses Gmail for work purposes, this is a clear indicator that the message is suspicious.

To report suspicious email as spam, you can drag the message to the Spam folder, or you can click Report Spam in the More menu.

Remember, it is always a best to verify any request for personal information or money that is received via email. For more information about how to recognize phishing emails, visit our blog at https://blog.rackspace.com/email-phishing-rise-mailbox-safe.

Share this information:

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER

About Rackspace
  • About
  • Customer Stories
  • Events
  • Programs
Blogs
  • The Rackspace Blog
  • Expert Insights Tech Blog
  • Solve: Thought Leadership
  • News
  • Contact Information
  • Legal
  • Careers
Site Information
  • Style Guide for Technical Content
  • Trademarks
  • Privacy Statement
  • Website Terms
Support Network
  • Support Network Home
  • Rackspace How-To
  • API Documentation
  • Developer Center
  • ©2020 Rackspace US, Inc.