CISSP · Question #742
Which of the following is considered best practice for preventing e-mail spoofing?
The correct answer is B. Cryptographic signature. Email spoofing occurs when attackers forge the sender address in an email; cryptographic signatures are the best practice defense because they mathematically bind the message to a verified identity.
Question
Which of the following is considered best practice for preventing e-mail spoofing?
Options
- ASpam filtering
- BCryptographic signature
- CUniform Resource Locator (URL) filtering
- DReverse Domain Name Service (DNS) lookup
How the community answered
(61 responses)- A5% (3)
- B87% (53)
- C7% (4)
- D2% (1)
Why each option
Email spoofing occurs when attackers forge the sender address in an email; cryptographic signatures are the best practice defense because they mathematically bind the message to a verified identity.
Spam filtering identifies and blocks unsolicited bulk email based on content or reputation heuristics, but it does not verify sender identity and cannot reliably prevent spoofed messages from reaching inboxes.
Cryptographic signatures, implemented via technologies like S/MIME or DKIM, attach a digital signature to emails that allows recipients to verify the message truly originated from the claimed sender and has not been tampered with. Because the signature is generated using a private key that only the legitimate sender possesses, an attacker cannot forge a valid signature, directly preventing spoofing. This is the industry-recognized best practice and is endorsed by standards bodies and security frameworks.
URL filtering inspects and blocks malicious or unauthorized web links within messages or browsing sessions, but it does not address the authenticity of the email sender's identity.
Reverse DNS lookup maps an IP address back to a hostname and can be one weak signal in anti-spam heuristics, but it is easily bypassed and does not cryptographically verify that a sender is who they claim to be.
Concept tested: Cryptographic email authentication to prevent spoofing
Source: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-about
Topics
Community Discussion
No community discussion yet for this question.