Objective: Learn to parse email headers to verify sender authenticity using SPF and DKIM.
Challenge Description: You receive a suspicious phishing email (in Japanese) claiming to be from a trusted company. Such mass phishing campaigns have targeted Japanese users recently[1]. Your task is to analyze the raw email header to spot spoofing. For example, the Authentication-Results field may show spf=fail or dkim=fail, indicating the sending server is not authorized or the message was altered.
Tools: Thunderbird (open full message source), a text editor/viewer, and DNS/SPF lookup tools (e.g. dig). No webmail – export the .eml and view headers locally.
