How to Spot Any Spoofed & Fake Email (Ultimate Guide)

Published 2021-06-12
YOU'LL NEVER GET TRICKED AGAIN! (Scammers will hate this)

▼ Time Stamps: ▼
0:00 - Intro
1:49 - The "From" Domain
7:17 - The Reply-To Field
10:07 - Mailed By & Signed By
12:16 - Authentication Headers (Basics)
16:49 - SPF
17:47 - DKIM
21:32 - DMARC
23:46 - How SPF Works
24:59 - How DKIM Works
26:59 - How DMARC Works
27:53 - WHY BOTHER?

All comments (21)
  • @ThioJoe
    Well this video ended up being way longer and way more work than I thought (I believe it’s the longest serious video I’ve ever made). Be sure to like it because if it flops I'm going to stick my head in the Large Hadron Collider
  • @noelj62
    I did not know non-ASCII characters were allowed in email addresses. Thank you for such a detailed informative video.
  • @dogastus
    Best policy: Never click on a hypertext link in an email.
  • @joesterling4299
    The sad part is that anyone who can follow your entire presentation without their eyes glazing over was already capable enough of avoiding scam email. It is simply too complex for average email users to keep in their heads.
  • @ktheveg
    Wanna know what you do? Get a font that only has the a-z characters, and also a couple other important ones like 0-9 and some important symbols. Then set a fallback font to make the email address super obviously not Latin characters. This is how you COULD do it.
  • @ScotHarkins
    I've been tracking spammers since the 1990s, and this video definitely covered the bases without getting too hairy for most folk. This can be an intimidating task, so simple straightforward examples are key and should cover most such threats. Good coverage of caveats, too. There are so so many angles, and limitations, so those this-but caveats are important. Something can look clean, but still fail the sniff test (BS Meter). Great job!
  • @sowellca6
    This video is extremely informative, extremely well done, and is the kind of video that can make a difference for a lot of people. Thanks Joe, well done.
  • @terrydillon9323
    Yes, last week. I kept getting a message saying they were from Netflix and they were going to cancel my account if I didn’t update my address. Funny thing is I don’t have an account with Netflix.
  • Normal person: just checks if the email makes sense and doesn’t click on the link and goes to the website directly
    ThioJoe: Makes a 30 minute investigation and reports them to the FBI
  • @BSGSV
    It is getting to the point that flying to the sender and visiting them in person might actually be easier than exercising this level of scrutiny for every one of the hundreds of emails that show up every morning.
  • Wow man, you really did your homework on this one, huh? 😁 I wanna say I am really thankful you are taking the time to make videos like this, because there are SO MANY tech people out there teaching people how to hack and scam (I think just so they can create the "Problem" so then THEY can become the "Solution"), and no one is teaching people how to defend themselves from these hackers. I'm really glad you are fighting the good fight here, man. Thanks!
  • @SWillibr
    Thanks Joe. I just finished upgrading our agency email system yesterday. Your video timing is impeccable!
  • @ruthlessadmin
    The fact that there needs to be a 30 minute video explaining all of this tells me that these big tech companies have some interest in not protecting their users. Most, if not all of this, seems like checks that could be built into our email clients fairly easily.
  • @harryshector
    Fascinating - but so much information that at the end I just said “What’d he say?” It’s a difficult subject, and I think there’s a real opportunity for someone to incorporate these logic tree steps into mail clients.
  • @chrisengland5523
    One of the best defences against such scams is to have several email addresses - one that only your friends and family have, another for your bank, a third for well known suppliers and trusted companies and several throw away ones that you only give out to folk that you don't really trust. (You can make this easy by using forwarding on them, so that you don't have to log on to several servers.) Then when you get an email from "your bank" about an apparent problem with your account (already highly unlikely) and it arrives on one of your throw away addresses, you know immediately that it's fake because you don't use that email address for banking.
  • @knstantine
    Nice video! I'm gonna show this to my grandma
  • @MrGreen-mn8cs
    In the first 7 min it's already information overload... 👌👌👌
  • @meow_meow_J
    1:10 wow I laughed so hard over this part, I literally almost died from suffocation.
  • @ccp_fact_checker
    This is great. As a person who used to play with other companies' open SMTP gateways for fun, this is interesting, but they have tightened up the rules now with these SPF/DKIM and DMARC records. Thank you for this, as it was fun to get a refresher for SMTP.
  • @Brirend
    SPF and DKIM do authentication only, they don't provide any enforcement. That is what DMARC is for. Also, FYI, by default, O365 Enterprise tenants are configured to softfail regardless of what a domain's DMARC record is configured for. You have to enable full DMARC compliance if you want it configured that way. From the domain owner's perspective, DMARC also provides a statistical and forensic mechanism so you can not only prevent unauthorized senders from using your domain, you can collect statistical information from email relays on the internet that lets you know how many emails "sent" from your domain are legitimate vs spoofed and which email servers are trying to spoof your domain. These statistics enable you to calculate a DMARC compliance rate which can tell you if someone is attempting to use your domain maliciously.