Malicious messages, such as malicious email, can take many forms. Common forms of malicious email include spoofed messages used in phishing, malware, or social engineering attacks. A cybercriminal sends an unsuspecting victim an email message that appears to be legitimate, appears to represent a legitimate identity, and appears to come from a legitimate email server, but the message is actually spoofed. While the email server that originates the spoofed email may not have a previous history of malicious behavior, it is not a legitimate source for the identity the spoofed email claims to represent.
The spoofed email may contain malicious attachments or may link to a malicious target destination controlled by the cybercriminal to phish information from the victim for criminal purposes. For example, a cybercriminal sends an email message that appears to be sent by a financial bank institution by spoofing the text of the “from” address to be a legitimate email address of the financial bank institution. However, the message contains a link to a webpage of the criminal that requests the login credentials of the victim. Alternatively, the email message may spoof a trusted identity and contain instructions, or it may simply establish a history of communications that can be exploited at a later date. For example, a cybercriminal sends an email message to the finance department of a company that appears to be sent by an executive of the company, requesting a wire transfer to an account that is controlled by the criminal.
Although standardized email validation platforms may be utilized to verify that an identified sender of the message has actually sent the message, much email traffic today does not take advantage of these email validation platforms. Therefore, there exists a need for a more flexible way to identify the authenticity and security risk of a message and the reputation of a sender.