- FAQ
- Login
- Register
- Call Workpermit.com for a paid service +44 (0)344-991-9222
ESC
Welcome to immigrationboards.com!
Moderators: Casa, Amber, archigabe, batleykhan, ca.funke, ChetanOjha, EUsmileWEallsmile, JAJ, John, Obie, push, geriatrix, vinny, CR001, zimba, meself2
The domain as it appears by itself cannot ever be trusted as the email protocol, old as it is, does not require authentication to specify the sender email address. Unfortunately, the technology is such that anyone (with a tiny bit extra know-how) can send an email as anybody else - a huge opportunity for scammers and a huge problem for the ordinary people.alterhase58 wrote: ↑Tue Mar 03, 2020 5:44 pmnever had emails from UKVI but the domain is certainly ok.
Thanks. I checked the security details in gmail and it says "sent by: homeoffice.gov.uk, signed by: ukhomeoffice.onmicrosoft.com, security: stabdard encryption (TLS)". Would that be sufficient for confirming security?AnotherUUID wrote: ↑Wed Mar 04, 2020 3:46 pmThe domain as it appears by itself cannot ever be trusted as the email protocol, old as it is, does not require authentication to specify the sender email address. Unfortunately, the technology is such that anyone (with a tiny bit extra know-how) can send an email as anybody else - a huge opportunity for scammers and a huge problem for the ordinary people.alterhase58 wrote: ↑Tue Mar 03, 2020 5:44 pmnever had emails from UKVI but the domain is certainly ok.
There are however, workarounds (not solutions!) that have been put in place for a number of years to deal with the issue as much as possible, largely on the server side and transparent to the users (luckily!).
This might sound a bit techy - bear with me - but it's something relatively simple that everyone can do to check if an email might be dodgy. One way is to look at the headers of the email message itself. Depending on whether you use a web based email client or a desktop application such as Thunderbird there will always be an option to view the message "source" where you will be able to see the email in its raw format, as communicated between the servers, which will include some additional technical information.
Don't be shocked when you see the huge amount of text which will largely mean nothing to most people.
Things to look for are lines (and their contents) that start with: Received-SPF, Authentication-Results, DKIM-Signature, and ARC-Authentication-Results (used by Google). In the header contents one should look for the following:
I won't go into the details of how and why but, if all of the above (when present) show a pass, there's a good chance the email is coming from legit mail server, and thus, likely a legit source.
- Received-SPF: pass
- Authentication-Results:
- dkim=pass
- spf=pass
- dmarc=pass
- ARC-Authentication-Results: similar or same as Authentication-Results above
Compliant mail servers these days are required to conform to additional techniques and do the above standardised checks. If one or all checks don't pass most receiving mail servers will usually treat this as spam - but it's not a foolproof system and you can't ever trust it 100%.
It's a never ending topic and plenty of other checks one can manually do, but this is by far one of the simplest accessible to everyone out of the box without the need for extra tools.
All HO communications I've had - though admittedly not directly from a caseworker - have, at the very least, passed the above (automated) checks.
Hope this helps!
It seems okay. "signed by: ukhomeoffice.onmicrosoft.com" is the only thing that, to me, would be of slight concern but I wouldn't be surprised if HO use third party service providers as a cost saving measure.hiteshtuteja wrote: ↑Wed Mar 04, 2020 5:00 pmThanks. I checked the security details in gmail and it says "sent by: homeoffice.gov.uk, signed by: ukhomeoffice.onmicrosoft.com, security: stabdard encryption (TLS)". Would that be sufficient for confirming security?