There is a need to protect an entity that receives e-mails against hackers, particularly hackers who attempt to gain access to the recipient by gaining the recipient's confidence under false pretenses. Such a false pretense can be created by the sender representing the origin of the e-mail as being a familiar, reliable source when in fact it is not. Using this tactic, the sender can gain the confidence and trust of the recipient, such that the recipient unknowingly clicks on and opens malicious links or malicious attachments. There is a need to protect recipients from these hackers, who have malicious intent to inflict harm on the recipient.
If a sender properly sets a DomainKeys Identified Mail (DKIM) signature to validate that the sender is legitimate, this may be helpful in determining that a legitimate sender has sent a particular e-mail. However, the signature is frequently not sent by the sender. Other spoofing detection methods include examining the quality and content of the e-mail for errors or odd links. However, this method will not detect malicious hackers whose e-mail contents contain no errors. Additionally, this method involves human judgment and is subject to human error.
There are systems, such as Trend Micro®, provided by Trend Micro Incorporated, which check the reputation of the Internet Protocol (IP) address sending the e-mail. If the IP reputation score is bad, the e-mail is blocked. The drawback in this instance is that the system does not detect e-mails that are spoofed and sent from a legitimate IP address, which thereby get past the IP reputation block.
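The two gaps described above can be seen side by side in the following added example, which is not part of the original text. The reputation table, IP addresses, messages and function names are constructed for illustration, and the DKIM check only reads the `d=` tag of the header; it does not verify the signature cryptographically.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed reputation data (documentation-range IPs) standing in for a feed.
IP_REPUTATION = {"192.0.2.10": "good", "198.51.100.7": "good", "203.0.113.66": "bad"}

# Constructed messages: one signed by the real domain, one spoofing it unsigned.
SIGNED = ("From: Billing <billing@example.com>\n"
          "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; b=CONSTRUCTED\n"
          "Subject: Invoice\n\nPlease see the attached invoice.\n")
SPOOFED = ("From: Billing <billing@example.com>\n"
           "Subject: Invoice\n\nPlease see the attached invoice.\n")

def from_domain(msg):
    """Domain of the address the recipient sees in the From header."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def dkim_signing_domain(msg):
    """d= tag of the DKIM-Signature header, or None when the mail is unsigned."""
    header = msg.get("DKIM-Signature")
    if header is None:
        return None
    for tag in header.split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip() == "d":
            return value.strip().lower()
    return None

def assess(raw, sending_ip):
    """Report what each check alone can say about one received message."""
    msg = message_from_string(raw)
    ip_ok = IP_REPUTATION.get(sending_ip, "unknown") != "bad"
    signer = dkim_signing_domain(msg)
    if signer is None:
        dkim = "absent"              # no signal either way
    elif signer == from_domain(msg):
        dkim = "matches-from"
    else:
        dkim = "differs-from-from"
    return {"ip_check": "pass" if ip_ok else "block", "dkim": dkim}

if __name__ == "__main__":
    print(assess(SIGNED, "192.0.2.10"))     # legitimate, signed sender
    print(assess(SPOOFED, "198.51.100.7"))  # spoofed From, clean IP: passes
    print(assess(SPOOFED, "203.0.113.66"))  # spoofed From, bad IP: blocked
```

The second case is the one the text describes: the message carries the same visible From address as the legitimate one, the IP check passes, and the missing signature provides no basis for a decision.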