Re: [exim] From rewrite for incoming messages

Fri, 28 Jun 2019 05:12:21 -0700 

On Fri, 28 Jun 2019, Sujit Acharyya-Choudhury via Exim-users wrote:


Is there a safe way to rewrite From field for ALL incoming messages? 


Sadly there is not.

Or at least there is no way to determine *for all messages*
what would be a safe string to use as the replacement.
Each message can have two "from" lines; I can't remember the proper terminology but call them "the Envelope From" and "the header From:", 
and then there is the Reply-To: header too.
Some of these can contain more than one address and some can have a name as well as an address. 

Each of these is under control of the original sender.

SPF, DKIM, DMARC (and ARC) are all attempts at allowing intermediate
mail servers to verifying and authenticate one or more of these address/names, or at least saying "I cannot confirm this address". 

This problem is well known and many people have attempted to find
solutions to what is ultimately a fundamental problem with SMTP,
but ultimately if you cannot trust every step of the chain there
is no way of computing a safe answer.


We are having problems with Phishing where recipients only see the
From field and assume it has come from a trusted person and then click on the link or download the file. 
An example is as follows:

=======================================================
From: Sujit Choudhury <mailto:[email protected]>
Date: Tue, 25 Jun 2019 at 12:22
Subject: Hello
To: mailto:[email protected] <mailto:[email protected]>
 
Are you in the office?
Please click on the link below:


============================================================================
=================================================
In this case j.baird thought, that the mail came from me, and like many
people reading their mails on phone, only the first part of the From field
is visible.




Regards

Sujit

Sujit Choudhury | IT Services
Systems Administrator
Birkbeck, University of London
Tel: 020 3073 8020






--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to