Right, but what I'm trying to accomplish (as described in detail in my previous thread) is flagging, maybe just with subject modification mail from outside senders with a name that matches one of our organization's senders. I'd love to be able to have ASSP insert a warning, not on all mail, but only when there's a suspicious name match. We can't reasonably quarantine all external email, the messages in question don't have links or attachments to block.
For example Bob Jones <bob.jo...@ourcharity.org> is the real address within our organization. We're seeing name spoofing mail from Bob Jones < bob.jones.ourcharity....@gmail.com> or Bob Jones < president123mad...@gmail.com>. It shows up in outlook as Bob Jones in the inbox. Lots of times, the message even had the signature that the person actually uses. We've had even some of our most savvy users get tricked. The messages slips through assp, because they're innocuous sounding "are you in the office? I need your help" "I've got a favor to ask, reply when you get this please?" Whatever, user gets fooled, replies, and then that gmail address is whitelisted. The next mail asks for the purchase of gift cards, etc. Common scheme. If we could change even just the subject line like [Potential Spoof]: <real subject> that would help the recipient. Inserting a warning into the body would be even better! To do the matching though, we'd need to list the names our people and their correct address and have ASSP flag only when there's a match from outside. Of course there are lots of legitimate instances where our people email from their real personal email address to our staff. Those would get a subject or body modification too, but that's okay. We don't have the budge to have a third part system do this. Would you mind taking a look at the original thread for more detail and explanation of what I'm thinking? I think it's at least worth discussion - I think there's some real value to the ASSP community being how often we're getting name spoofing messages. On Sat, Nov 2, 2019 at 3:34 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > simple company rules are the solution: > > - every mail from outside the company is subject to be malicious - open > attachments or following links in such mails, requires a full manually > verification of the email before any action is done - on any doubt the mail > has to be quarantained > - qurantined mails are untouchable as long as they are not released by an > authorisized person or system > - every mail from outside the company passed an assp system > - every mail from/to inside the company will never reach any assp system > (except assp reporting) > - every mail from outside contains a X-ASSP header but at least the ASSP > received header - this header has to be used by the mail client and/or > server to classify the mail > > >can I insert something into the bodies of selected messages as it is > sent to the real mail server > > there is no such code in assp.pl - only ASSP_AFC is able to manipulate > the mail body (replace attachments , SMIME) > > >without having that warning message saved in the corpus > > assp stores the incoming mail + assp headers - never the content sent to > the server > > Thomas > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 01.11.2019 18:02 > Betreff: [Assp-test] Message body modification > ------------------------------ > > > > Thomas, quick question: can I insert something into the bodies of selected > messages as it is sent to the real mail server without having that warning > message saved in the corpus? > > Early last month, I sent "An idea: Visual warnings in message body" but > received no replies. > We're seeing SO many of these, that I might try to figure this out on my > own if there isn't broad appeal. > > Thanks > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
