Phish Focus : Header Parsing

Joane Bonghanoy
Updated

This article takes you through Header Parsing, a new feature within our Phish Focus solution.

Benefits of this feature to Security Team and / or Phriendly Phishing Administrator

  1. Admins can inspect the header of the messages that was sent through to Phish Focus.

  2. Admins can do a header search and identify matches via the search bar added at the top of the Header information. Matches in the header record are highlighted.

  3. Admins can view suspected issues with DMARC, SPF, DKIM and ARC records. These are highlighted. 

This articles answers below questions:

  1. Where can I find the HEADER tab in Phish Focus?
  2. How can I search for characters in the header to identify matches?
  3. Where can I find the Delivery Information ummary: DMARC, SPF and DKIM possible issues?
  4. How does Header Inspection work?

Where can I find the HEADER tab in Phish Focus?

  1. Click Inbox and choose a message.
  2. Click HEADER

How can I search for characters in the header to identify matches?

  1. Click Inbox and choose a message.
  2. Click HEADER
  3. Scroll down to Header Content

Where can I find the Email Authentication Results : DMARC, SPF, DKIM and ARC possible issues?

  1. Click Inbox and choose a message.
  2. Click HEADER
  3. Under Email Authentication Results, click View Details 
    Parsing.png
  4. Under View Details, you will see the specifics of any delivery information. 
    parsing2.png

How does Header Inspection work?

To scan DMARC, DKIM, SPF and ARC information, we have built a system that operates based on an Email Header Analyser. Refer to below scenarios:

  • For new emails reported and sent to Phish Focus > The tool analyses the header in real time.
  • For existing emails > The tool analyses the header in real time when email is opened
  • Header analysis results are not stored in database

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.