Hi all,
We're seeing a number of reports today of targetted phishing emails and
getting questioned as to why SPF records aren't blocking the forges.
When we look at the emails, Outlook shows up u...@domain.tld as the from
address.
When I look in the headers, the email was actually sent from
u...@domain.tld-i.win
I'm not sure why Outlook chooses to drop everything from the dash onwards,
I only care about stopping these. I've added *@*-i.win to
blackListedDomains which will catch these ones - until they change the
domain they are using.
blackListedDomains supports wildcards rather than regular expressions if
I'm correct, so I'm wondering whether something like this would catch them
all or whether it would cause too many false positives.
*@*.*-*.*
This would block anything as above but it would also block
u...@subdomain.main-domain.tld
I can't see a way to do this any better - does anyone have any suggestions?
All the best,
Colin.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
