Coder Social home page Coder Social logo

wheelercj / email-linter Goto Github PK

View Code? Open in Web Editor NEW
2.0 1.0 0.0 150 KB

Easily find spam and phishing emails received at disposable email addresses.

License: Apache License 2.0

Go 100.00%
command-line email phishing-detection security spam-detection jmap jmap-client fastmail disposable-email email-protection

email-linter's Introduction

email-linter

Go Reference

Easily find spam and phishing emails received at disposable email addresses. This command line app currently works with Fastmail, Topicbox, and any other email services that have a JMAP API. See more examples of these services here.

demo.png

email-linter lists each of your disposable addresses and all the addresses they have received from so you can quickly spot suspicious senders.

download

Either:

  • run go install github.com/wheelercj/email-linter@latest and then email-linter --help
  • or download a zipped executable file, unzip it, and run the app with ./email-linter --help

what are disposable email addresses?

They are email addresses created to be used for only one account each. Whenever one of these addresses starts receiving spam or phishing emails, you know exactly which account was compromised and can disconnect the address from your inbox. This way, you immediately stop receiving spam and never have to give your main email address to anyone you don't trust. Some examples of these email protection services are DuckDuckGo's Email Protection, Fastmail's Masked Email, Proton's hide-my-email aliases, Firefox Relay, and iCloud+'s Hide My Email. Since the emails received by these addresses should have predictable "from" fields, suspicious senders can be easily found with email-linter. If needed, you can customize which email protection service addresses email-linter searches for. Use the --help option for more info.

why

I got phished. Fortunately, it was a fake phishing email for training against phishing, but I learned to not look at emails while half-asleep and, more importantly, the sender's address was different from normal for the disposable address I used. Email services don't seem to consider that suspicious (at least not yet), and checking the sender's address manually for every email is tedious if you don't remember the correct sender address. email-linter automates checking sender addresses for you. I hope someday email services will make email-linter obsolete.

how does it work?

  1. First, email-linter finds all emails in your inbox that went through an email protection service.
  2. Next, it finds all emails outside your spam folder those disposable addresses have ever received.
  3. Then it lists each disposable address and the addresses they have received from. This makes it simple to spot suspicious senders so you can easily search your inbox for malicious emails and decide what to do with them.

email-linter does not store any of your data anywhere and only communicates with your email service.

API token

email-linter needs a read-only JMAP API token to securely connect to your account. If you're using Fastmail, you can create an API token here.

Choose one. The token can be entered in any one of three ways:

  • When you run the app, you can enter the token interactively if you haven't chosen any of the other options.
  • Create a file for the token with the location and name ~/.config/email-linter/jmap_token (~ is the user folder, such as C:/Users/chris).
  • Create an environment variable named JMAP_TOKEN. This option is generally not recommended because any process can read the environment variable.

If both a token file and environment variable are provided, the file is used.

caveat

Emails with multiple recipients usually don't say which address is yours. Sometimes there are patterns in the recipient addresses that hint at the answer, and email-linter looks for some of those, but sometimes there are not. This means there's a chance email-linter could say someone else's address is yours. If this happens to you but you see a pattern in the recipient addresses email-linter could use to improve its output, please let me know by creating a new issue!

I've considered letting users enter their email addresses, but I doubt anyone who really puts email protection services to good use would want to be constantly updating the list.

Example:

When an email is forwarded to a duck address, all the recipient addresses are changed to include the duck address. For example, let's say these are the email's original recipient addresses, and that one of them is yours:

[email protected]
[email protected]
[email protected]

If your duck address the email is forwarded to is [email protected], then DuckDuckGo's email protection service will change them to:

[email protected]
[email protected]
[email protected]

Since email-linter can't tell which is yours, its output of recipient addresses includes only the last part, your duck address [email protected].

dev resources

Here are some resources that were helpful while creating this app.

email-linter's People

Contributors

wheelercj avatar

Stargazers

avatar avatar

Watchers

avatar

email-linter's Issues

At least one of the executable files is sometimes flagged as malicious

After running GoReleaser to build the executable files and upload them for release v0.0.5, I downloaded email-linter_Windows_x86_64.zip, unzipped it, and tried to run it. I got a Windows Defender SmartScreen warning, so I clicked "More info" and then "Run anyway". The application worked perfectly, but immediately afterwards, Windows Defender said it had detected a threat and quarantined the executable.

Windows Defender says email-linter.exe is a trojan virus

I restored the file from quarantine and uploaded it to VirusTotal. 4 out of 69 security vendors flagged it as malicious. Here are the scan results.

VirusTotal scan results

The SmartScreen warning didn't surprise me at all. That seems to show up for every new application that hasn't gone through an expensive process of getting a license from Microsoft. I plan on submitting the application to Microsoft's malware analysis site as "incorrectly detected as malware/malicious" to try to prevent the SmartScreen warning.

However, I've never seen Defender or other security vendors on VirusTotal be sure my software was malicious before. Hopefully Microsoft's malware analysis site will at least bring the 4 down to a 3. I will look into this topic more; maybe there is something not super expensive I can do that would make my software look more like what it is.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.