[ExI] hacked email
pharos at gmail.com
Tue Nov 25 15:48:26 UTC 2014
On Tue, Nov 25, 2014 at 1:43 PM, spike wrote:
> Security hipsters, I need some advice or ideas. We have a group of family
> history researchers, about a dozen of us who work together, share photos,
> family lore, findings from DNA and so forth. Recently one of our circle
> went off her meds and did a lot of damage by hacking into another member's
> email and writing messages to the other members with a false From line, all
> with carefully calculated malice.
> What do you security guys do to verify a sender?
There are a lot of problems to answer!
First - Has an email account actually been hacked?
Or is she just sending emails with a false From address?
If an email account has been hacked, then everybody has to change
passwords and call the cops.
If she is spoofing From addresses, then she doesn't actually have
access to any of your mail accounts.
You cannot stop false From addresses - the Spam community depend on
that feature. ;)
Assuming we are just talking about false From addresses, then the
simple way to verify is to Reply to Sender and ask if they sent this
This could get tedious.........
But the alternative is a bit complicated.
You could all switch to Protonmail (or similar) as Will suggests.
The alternative is to use PGP. You don't need to encrypt the whole
message. Just add a PGP encrypted signature. But you have to learn how
to do this for all the different email systems that you use.
Another alternative is to set up a cloud database system where you all
post and have unique passwords.
Hope this helps!
More information about the extropy-chat