Well this video ended up being way longer and way more work than I thought (I believe it’s the longest serious video I’ve ever made). Be sure to like it because if it flops I'm going to stick my head in the Large Hadron Collider

Best policy: Never click on a hypertext link in an email.

I did not know non-ASCII characters were allowed in email addresses. Thank you for such a detailed informative video.

Yes, last week. I kept getting a message saying they were from Netflix and they were going to cancel my account if I didn’t update my address. Funny thing is I don’t have an account with Netflix

I've been tracking spammers since the 1990s, and this video definitely covered the bases without getting too hairy for most folk. This can be an intimidating task, so simple straightforward examples are key and should cover most such threats. Good coverage of caveats, too. There are so so many angles, and limitations, so those this-but caveats are important. Something can look clean, but still fail the sniff test (BS Meter). Great job!

Wanna know what you do? Get a font that only has the a-z characters, and also a couple other important ones like 0-9 and some important symbols. Then set a fallback font to make the email address super obviously not latin characters. This is how you COULD do it.

The sad part is that anyone who can follow your entire presentation without their eyes glazing over was already capable enough of avoiding scam email. It is simply too complex for average email users to keep in their heads.

This video is extremely informative, extremely well done, and is the kind of video that can make a difference for a lot of people. Thanks Joe, well done.

Actually true, The Russian "a" and Greek "A" are pretty similar to the English one.

nice video! im gonna show this to my grandma

Normal person: just checks if the email makes sense and doesn’t click on the link and goes to the website directly ThioJoe: Makes a 30 minute investigation and reports them to the FBI

It is getting to the point that flying to the sender and visiting them in person might actually be easier than exercising this level of scrutiny for every one of the hundreds of emails that show up every morning.

1:10 wow I laughed so hard over this part, I literally almost died from suffocation.

I try to pass this knowledge on to the users in my company. But in the end, I just end up telling them "don't click on links or attachments in email" Only if they were expecting something from someone they have personally spoken to.

Wow man, You really did your homework on this one huh? 😁 I wanna say I am really thankful you are taking the time to make Videos like this, because there are SO MANY Tech people out there teaching people how to hack and scam, (I think just to they can Create the "Problem" so then THEY can become the "Solution") and no one is Teach people how to Defend themselves from these Hackers. I'm really glad you are fighting the good fight here man. Thanks!

The fact that there needs to be a 30 minute video explaining all of this tells me that these big tech companies have some interest in not protecting their users. Most, if not all of this, seems like checks that could be built into our email clients fairly easily.

Thanks Joe. I just finished upgrading our agency email system yesterday. You're video timing is impeccable!

Facinating - but so much information that at the end I just said “What’d he say?” It’s a difficult subject, and I think there’s a real opportunity for someone to incorporate these logic tree steps into mail clients.

Thanks for having actual captions for the Deaf - makes video much easier to follow - thank you for your good work!

More power to your elbow. This is the most informative video on the subject I have found so far. Great presentation as well

This one is very important ❤️

This is giving me a headache, but thank you.

In the first 7min its already information overload... 👌👌👌

Also you should watch out for if the domain has zero-with spaces because those have no width so they are invisible

Thanks You made this topic easy to understand. Very informative.

This is great , as a person who used to play with other companies open SMTP gateways for fun this is interesting, but they have tightened up the rules now with these SPF/DKIM and DMARC records. Thank you for this as it was fun to get a refresher for SMTP.

Man, this was a thoughtful and well put together presentation. I can't wait to get lazy, get scammed, and then go back to do these tests on the phishing email that got me and say "....yup, there it was, all along. 😑"

I set up my domain to do email not too long ago. I had to jump through all these hoops to set it up correctly. Happy to finally know what I was verifying. Apparently security is super important if you want to run your own mail server and also for stuff not to land in spam boxes. I passed all checks with the only caveat that I have to use an SMTP relay because no static IP. It doesn't show any via text, but it does show mailed-by.

Thanks for this amazing video! I really like this longer and more in-depth style. Also realized that when I configured my email I just took the recommendation to use "~all" in the spf entry. I really didn't understand the meaning of all those things back then and was glad that I could just copy stuff per tutorial. Thanks to you, I know can confidently know what those entries mean and also changed the "~all" to "-all"!

Thanks for informing us about these scams! Your a lifesaver! Love from SA

Nice video! I set up my own mail server domain with DKIM, DMARC and SPF (-all!). But I guess I'll watch this video every year now just as a refresher, it's so hard to remember what each of these are doing. Thanks!

Man this is seriously needed nowadays and an absolute incredible job. Glad to be a subscriber

I liked this, watched it entirely. Although I already knew most of what's it about, it was very informative.

*Joe, I thank you for explaining the difference between cyrillic "a" and latin "a." in a comment below, and I am paraphrasing, most of us know not to get involved with spoof emails, although I do report spoofs, for instance, from my bank. I have no idea what they can do with the knowledge; I just feel like a good scout for doing it*

I'm sending this to my mom and dad since they might fall for something like this. It's good to keep them informed! My dad once got one but it was for something he didn't have so luckily he asked my brother about it and he could tell it was a scam. Thanks for making this video!

Honestly, you have to carefully look at the email. There are other ways to spot that the email is fake, such as who they are addressing to (sir/madam), grammar, punctuation, etc. You covered a lot about gmail pretty well!

Actually in outlook, if you just hover the mouse over each sender in the inbox, it will show you who the real sender is. So if the return email doesn't match the actual sender, then you know its a phishing email without ever having to open it.

I have long been annoyed that email software doesn't easily and prominently show the actual email address of the sender and reply-to. Some only show the alias and not even the email address! Shameful because they know full well that this aids scammers. Definitely learned a number of things from this video and am now even more annoyed that email software doesn't make this easier.

Wow, this is very thorough, I honestly love it. Although maybe a tiny bit too much for the biggest target audience (those who easily fall for spoofed emails), but then again I don't know how else to teach avarage email users all the important safety measure.

Wanted a video specifically like this for so so long, ty so much.

I remember the time in 7th grade where my language arts teacher got a typical phishing email, and he printed it out and made copies for us to pass around so we know what those emails look like generally and to never listen to them

Interesting stuff, Joe . I managed to follow the encryption part much thanks to that I used PGP in the nineties. An encryption program built on the same principle.

this video is amazing , I always thought that I know my stuff and can't be scammed but I learned a lot thank you , this video deserve a billion views and likes

Thank you for making this video. I think this topic is very important and everyone should know about this.

As mailserver admin, overall a solid video. I do think it's a bit...weird to show the "X% of domains use SPF" statistic when the absolute majority of domains have never and never will send mails. Most people outsource their mails to providers nowadays, because, as you've shown brilliantly in this video, email is a pain.

"major email clients" **ignores Thunderbird** But still a good video. Paying attention to the sender address and if other header fields match can already filter out most spam/scam mails.

Glad you made this video. I checked and two of my domain names were announcing old spf records. Thanks!

This was very in-depth. Thank you. My father, who is 72 years old, fell for a phishing email. Fortunately I noticed it just a few minutes later, and had him cancel his card, and change is email password. That could have been bad.

Now I have to explain all of this to my parents.

This video is a real eye-opener

Great video!! I am just starting learning mail service and this is really good explained. One thing BTW, at minute 26 you explain the hash verification, and I am pretty sure is: sender signs hash with sender private key, and receiver verifies with sender public key. That is usually how software binaries are verified by people who download them from open source sites. You can only verify or encrypt with the public key.

The no.1 spot channel to learn the very useful thing, thanks for the tutorial!

Gonna defend a paper which contains Phishing info next week, great timing for video haha

I need this guy to be my teacher, never could I pay attention for a whole half hour

Corporate Email Security Professional here. Possibly the best attempt at an explanation I've seen trying to bring the subject down to a general computer-user level, although I expect plenty of heads will still explode :-) Not perfect mind you, there's some nitpicking to be had in the weeds, but nothing of consequence for your viewers. I was impressed that generally when I heard something and went "ahhh, that's a problem/wrong because..." within a minute or two you had covered that case.

Hi ya Theo! I just discovered your cannel and whish that I had found it sooner. It is absolutely brilliant!

Quite useful information-- you have matured well beyond your original "How to make your internet connection faster" gag video, which-- for a while, at least-- did no favors for your reputation.

A great tip for everyone is when you get a email that claims it's from Paypal or something they will always address you with the name you put in the account not your email address which is Another clear hint it's not from the actual company I noticed that from some Paypal emails when trying to sell something

Totally awesome video! Joe is my hero! Fabulous channel!

Excellent video! Bravo for educating internet users how to do these checks. On Apple Mac Mail there is a little drop down arrow right of the sender Name, clicking on it reveals the original address, so this is easy to do without hitting reply as suggested in the video.

I use a open source spamfilter, I get like 97% less spam now.

Hey Joe: You should consider starting a security consulting business targeting corporations as clients. Robert

Extremely helpful. The biggest thing I needed to hear was your domain could be spoofed - I didn't know that and it scared tf out of me when I saw it - I thought our account was hacked.

Thanks, just finished setting up DKIM, Spf and DMARK for my email domain.

Oh boy. Thumbs up BUT despite your hard work and detailed explanations it's all beyond my understanding. I did learn a few things though, some of them that I actually have the capacity to absorb. I know that people who really know their subject want to pass the information to their audience which results in going into overtime. It's what happens when you know your stuff. It's obvious that you know it. I have screwed up my computer in so many ways and so often (I'm in the middle of screwing up my outlook) that I don't even know how to reverse it or how to fix it, or how I got there in the first place. Although, from videos like yours I've learned to do a couple of things with questionable email. I don't open anything and I block the sender. Mine is just for home use though, and I can imagine that business computers and their email have to be scrutinized. See, I went further than I intended to as well.

"Nike" has bee BLOWING me up lately on my KZfaq channel email 🤣

Excellent video about a very important subject! We need a lot more exactly like this one!

Nice refresher! Thanks for putting this up.

Thanks for getting rid of that bot in the previous video it was really annoying to see.

Love this guy

I got a sponsorship email from Nike a couple days ago so this is super useful!

I just LOVE the way every single content creator on KZfaq, bar none, always uses the image of a white male wearing a hoodie as the "visual definition" of a scammer.

I used to work for a big organisation and colleagues did get hacked and have their emails used for scam purposes. It does happen. Always do more checks because sometimes companies are filled with technophobes who get hacked easily lol.

Speaking of similar looking unicode characters. It would be cool if they color coded or used bold/italics for any character outside the ascii range. For example: Standard ascii characters would just be black like it usually is and other character would have a color, like red for example. Also, it would give you a warning to let you know what it means like "NOTICE: Colored/bolded character(s) detected. Phishers may use this to their advantage.". It would help alot since I have bad vision and the examples you've shown look pretty much the same (The fake 'a' and real one).

Thanks very much for this. All your detailed info is appreciated

So yes, I finally subscribed - great video

I laughed so hard after hearing this part lol. 1:10

"It's a fake!" Or just use inbox filters...

Thanks man!! you just saved me from a job scam! I was almost lost in finding if its legit, until I saw ur video. great work🙌

Long can be good and this is one of the good ones. Thanks for the much needed extra info on identifying fake emails.

My approach is to treat each email that I receive as suspicious. This prompts me to do the security checks.

Have to remember that some emails also "act" or "release" bad stuff as soon as you open them

Probably your best video yet!

Good information. I've caught a lot of spoofing by looking at the email headers. Ones that I still have a question about, I'll call the company's customer service or tech support and ask if it is legitimate. One thing I found is Outlook will reveal the URL a control (like a button) is linked to by hovering over the control. Outlook will then print the URL on the status line.

7:53 F in chat for those scammers who are getting their emails used as "bad scammer" examples. im sure they worked real hard on this project to scam people.. and your like "pretend it doesn't have a big warning.." and then continue to shit all over their hard work! *"STOP KILLING HIM, HE'S ALREADY DEAD!!!"*

"Dear friend" in the subject line is a red flag

Thank you. I don’t get most of this. The steps you take us through is something I can do even if I don’t understand it. Again thank you

i guess i will watch this video again, a few months later. Thanks a lot ThioJoe!

I have an idea for a video: you should explain different types of viruses, worms, Trojans and what they are

"yes this is a 20+ minute video" the video: *30:32*

I have kind of fallen out of the Internet loop, this channel is a very good pointer to keep me from failing too much. thx

One of your best videos Thio. Thanks

Hello Thio Joe! What do you prefer: Cats or dogs iPhone or Android Spotify or Apple Music.

Thio: this video is 20+ minutes Video: 30 minutes

One of the best defences against such scams is to have several email addresses - one that only your friends and family have, another for your bank, a third for well known suppliers and trusted companies and several throw away ones that you only give out to folk that you don't really trust. (You can make this easy by using forwarding on them, so that you don't have to log on to several servers.) Then when you get an email from "your bank" about an apparent problem with your account (already highly unlikely) and it arrives on one of your throw away addresses, you know immediately that it's fake because you don't use that email address for banking,

Been waiting for this video for so long , going to pass it to my 5 old niece , Thanks Joe

Thx yo.

Fun fact: this "g" is not a g.

Wow finally somebody who explained SPF DKIM and DMARC in an understandable way

Damn it! I was in that 65.6% of muppets in the [DMARC] p=none category. That'll teach me to not blindly copy/paste settings. DNS updated. Outstanding video!