Great video! The description of the SPF qualifiers on the "all" mechanism isn't quite right though. Your description is a common misconception I encounter on security and admin forums frequently. The difference in handling of ~all and -all failures is entirely a matter of local policy on the side of the receiver. Senders should strive to get their records to -all but the difference in how imposter mail will be treated isn't as stark as one may think. The softfail description is somewhat correct in that the RFC specifies the receiver "SHOULD NOT" reject (note it doesn't say "MUST NOT".) However, accepted is not the same as delivered and the message may still be quarantined or otherwise prevented from ultimately ending up in the recipient's mailbox. The RFC on fail (-all) is almost the same but says >>>if>chooses

I've been doing some form of email forensics for years, and this is one of the best explanations that I've seen. Great job. I'd welcome much more of this, as well as Mac, Linux and database forensics. Cheers.

This is a life saver. i learned more in 20 minutes then 3 hours reading documentation

This a fantastic analysis and should be required watching for anyone that analyzes email for a living. Would recommend!

Best teacher I have ever come across.

Superbly broken down and well narrated. Very engaging. Looking forward to more!

Best forensics resource I’ve found! You are the man

Expecting some Mac Forensics from 13Cubed atleast a start

SPF and DKIM sounded so simple. Great video Richard, as always!!

this is the best video I have seen on Mail Headers, awesome!

Thank you for this very clear explanation, indeed one of the best explanations out there. Please continue doing videos like this.

This a a great explanation, really helps with GCFE prep!

Nice Experience .Thanks For your kind information.

Great as always!

Soo useful video for Email forensic and for common people to safeguard themself from phishing emails. Love the way presented and Thanks a lot :)

Just came across your channel, great technical article explanation ..... appreciate your work

Good episode and nice office wall ^^

Simply great & thanks for sharing.

Awesome video. Also, you sound like the narrator on The Sandlot which is pretty cool.

Priceless... thank you!

Let's hit 20k . Ur vlogs are awesome

Excellent! (as usual). Thank you very much

very informative indeed. Loved it.

thanks! can you share a "hard example" of it that we can practice on

Great new video and your explain is awesome... keep going , Thanks

Nice shirt and yes nice wall.

Thanks for the video...

great video.. very good explain👍👍

I am sure this is a simple step I am missing but how do you migrate the email to sublime text for analysis?

Again, great video Can you explain how reconnaissance email (not email reconnaissance) the one some APTs use to put an url to verify if the email exists or not without clicking the link? thank you

Does all e-mails should have DKIM?

how to get the ip from a google email??

Where do I get that 13 cubed polo? :)

Watching this video led me to subscribe to your channel. Thanks for sharing this and keep up the good work.

Great, thanks!

What does a localhost ip mean for the first Received field?

Good one

Hey, Thanks for the great video. Lot of cool and needed information. I had a quick question though. How does the MX record and SPF authorised sender differ? I mean can they both be the same too?

i installed packet control but it dont show up in sublime, why? i am stock in the beginning phase. help me out

Sir, amazing video :D

Hello sir. make demo how fmem works for capturing linux memory . Thanks

Can you please suggest some good book to understand Email Security in detail.

I tried this on an email and I don't get anywhere near as much information as you have. Any help would be greatly appreciated. Thanks

Thanks

how do criminals spoof email header? Thanks.

Hey, i tried it with a .msg extension i get the encryption message, am i doing something wrong or missing something. Tks in advance great video!