An organization suspects it is receiving spoofed e-mails from a foreign-hosted web e-mail service. Where can the MOST relevant information be found to begin the process of identifying the perpetrator?
The most relevant information to begin the process of identifying the perpetrator of spoofed e-mails can be found in the message headers of the received e-mails. The headers contain crucial details such as the originating IP address, the path taken by the email, and other metadata that can be used to trace the source of the email and determine if it has been spoofed.
Answer B is right: The most relevant place to begin the process of identifying the perpetrator would be to analyze the email headers. Email headers contain detailed information about the sender, including the IP address of the originating server. This information can be used to trace the source of the email and determine whether it is indeed being spoofed.
B is correct
The question specifies "to begin the process". That makes B) the best answer. If it didn't specify that, A) would be the right answer.
Email headers can sometimes have a lot of information in them, quite easily accessible. That's also why, when forwarding a suspicious email to the relevant security service, the email must not be just forwarded, but rather joined as an attachment, so as to preserve the headers in it.
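An added example, not part of the original thread, of the header analysis the comments above describe: it takes a report in which the suspicious mail was forwarded as an attachment, recovers the original message, and reads its `Received` chain oldest hop first. The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage

# Constructed sample of a suspicious mail; hosts and IPs are made up.
SUSPECT = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    " by mail.corp.example with ESMTPS; Tue, 02 Jan 2024 10:00:05 +0000\n"
    "Received: from webmail.example.net (unknown [203.0.113.77])\n"
    " by mx.example.org with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000\n"
    "Received: from [10.1.2.3] by webmail.example.net with HTTP;\n"
    " Tue, 02 Jan 2024 09:59:58 +0000\n"
    "From: ceo@corp.example\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please pay today.\n"
)
# Ranges treated as internal for this example (an assumption; adjust per network).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def build_report():
    """Wrap SUSPECT as a message/rfc822 attachment, as a reporting user would."""
    report = EmailMessage()
    report["Subject"] = "Suspicious mail (attached)"
    report.set_content("See attachment.")
    report.add_attachment(email.message_from_string(SUSPECT, policy=policy.default))
    return report.as_bytes()

def original_message(raw):
    """Return the attached original if one is present, else the message itself."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return msg

def relay_path(raw):
    """IPv4 addresses from the Received headers, oldest hop first (newest is on top)."""
    hops = original_message(raw).get_all("Received", [])
    return [ipaddress.ip_address(ip) for hop in reversed(hops)
            for ip in IP_RE.findall(str(hop))]

def first_external(path):
    """Earliest hop outside the INTERNAL ranges: the address to raise with the provider."""
    return next((ip for ip in path if not any(ip in n for n in INTERNAL)), None)
```

Only the `Received` lines written by your own mail servers are trustworthy; hops recorded before the message reached them come from the sending side and can be forged, so treat the result as a starting lead.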