Frequently Asked Questions

Q: What is IP spoofing?

A: IP spoofing is the practice of forging various portions of the Internet Protocol (IP) header. Because a vast majority of Internet traffic, applications, and servers use IP, IP spoofing has important security implications. Please see the Wikipedia article on IP address spoofing.


IP Spoofing

Q: Why doesn’t the the internet protect against spoofing?

A: Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks (alters the communication between two parties who believe they are directly communicating with each other. ), against hosts on a computer network. Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message

Q: What is Address Resolution Protocol (ARP) spoofing?

A: Is a technique by which an attacker sends spoofed ARP messages onto a local area network. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead. ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic.

ARP Spoofing

Q:Why eMailGPS?

A: How we filter email origin IP from incoming email from different email providers in Outlook.

A: How we compare that origin IP against data sources in Outlook

A: How we compare incoming email addresses to external address data sources

A: How we mark (in Outlook called categorize) emails with color based on results of comparisons

A: How we use origin IP address in export to geolocation database

A: How we bundle email information to include geolocation link in eMailGPS Post Threat NotifierTM

A: How we enable increased enterprise-wide Outlook security, with strategic security-based end user workflows

A: How we identify blocked or missing email IP source information and categorize email to reflect that (coming next)

Q: How Does eMailGPS geolocation work?

A: eMailGPS goes below your email message, into the computer code that directs the emails from source to destination, and all stops in between across the Internet. This information is run through an algorithm that identifies relevant information about the email’s origin. eMailGPS then correlates that information with geolocation databases and displays the email’s geographic origin in a map.

Q: Is eMailGPS legal for use in all states and countries?

A: Yes. All databases used to locate an email’s origin are available to the public, only eMailGPS knows how to disect an email for presentation to these database.

Q: How is eMailGPS licensed?

A: eMailGPS is licensed by workstation. Each eMailGPS license is tied to a specific workstation. A new license must be purchased for each workstation conducting email IP resolution.

Q: Will eMailGPS work on my cell phone with Outlook.com?

A: eMailGPS will have a Mobile version available in Q4 2016.

Q: Why does Google Chrome causes maps to open differently?

A: The map will download and then you will have to click on it to open. Chrome is the only browser to enforce this for security reasons. If someone uses Firefox, IE, etc. the map will just open. It’s a chrome thing. Read more… https://productforums.google.com/forum/#!topic/chrome/Drge_Zrwg-c

Q: How would eMailGPS know if this was trusted or untrusted email, if a the email senders user name and domain name are faked (spoofed)?

A:  It must be understood that every data packet traveling on the Internet contains the node addresses (as raw IP bit strings) of both the sending and intended recipient nodes, and so no data packet can ever actually be anonymous at the level analyzed by eMailGPS. This message to people attempting to hide their email source comes from this page http://www.sendanonymousemail.net/send.php and demonstrates the difference between eMailGPS and the typical email perimeter analysis system. This website is setup to allow people to send emails anonymously that will pass email security and filters, and allow email address and domain spoofing. This statement to the website’s reveals how eMailGPS would catch this threat at the desktop level. This website may have already been blocked by many email security systems, but those who seek to do spear-phishing and other email attacks wouldn’t use a website like this. They would use their own code on a web server that is hijacked that does this in mass/bulk emailers. Many cyber-criminals will simply use a local PC to send emails in order to stay out of the cloud all together. These email spoofing websites are also used for educational and other purposes, and no criminal intent is implied concerning this website example.

Q: How do you Auto Preview in Outlook 2010 without opening the email?

A: I receive a lot of complaints about the change in the unread message preview option introduced in Outlook 2013. In Outlook 2010 and older, you could show a 3 line preview of Unread messages and no preview for read messages. In Outlook 2013, this was changed to an option of 1, 2 or 3 lines but applies to all messages, read or unread and not everyone likes this change.

I spent a half hour this morning looking for a fix or some clever workaround to the useless preview of unread messages with no luck.

3-line preview in Outlook 2013. (In Compact view it looks cluttered and busy.)
3 line preview in outlook 2013

3 line preview for Unread messages in Outlook 2010:
read and unread messages in single line view

One option is to use the Unread view. Look for All Unread at the top of the message list; click Unread to switch to seeing only unread messages and All to see all messages. Yes, I know it’s not the same, but it can reduce some of the clutter when you use the 3 line preview.

One client added the 1 and 3 line commands to the Quick Access Toolbar (QAT) so he could quickly switch between views. He has the QAT below the ribbon and the 1 and 3 line commands are right above the message list, which makes them easy to use.
add the 2 line preview button to the QAT

To add the buttons to the Quick Access Toolbar

  1. Open File, Options and choose Quick Access Toolbar.
  2. In Choose commands from, select All Commands.
  3. Click in the command list and type S to jump down the list.
    customize the qat
  4. Look for Show [count] Lines of Preview commands.
  5. Select the commands you want on the QAT and click Add ».
  6. To show no lines, add Turn off AutoPreview to the QAT.

More information: http://www.outlook-tips.net/tips/show-autopreview-unread-messages/

Q: What is a firewall and  How It Works? 

A: A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. If you can’t start Windows Firewall or you are getting an error, use our free tool to diagnose and fix problems.

Firewall Diagram

  • If you use a computer at home, the most effective and important first step you can take to help protect your computer is to turn on a firewall.
  • Windows 8, Windows 7, Windows Vista, and Windows XP SP2 or higher have a firewall built-in and turned on by default. (Note: Support for Windows XP ended in April 2014.)
  • If you have more than one computer connected in the home, or if you have a small-office network, it is important to protect every computer. You should have a hardware firewall (such as a router) to protect your network, but you should also use a software firewall on each computer to help prevent the spread of a virus in your network if one of the computers becomes infected.
  • If your computer is part of a business, school, or other organizational network, you should follow the policy established by the network administrator.