A solid idea, but you would have to avoid modifications to DKIM signed emails that sign the From header field via the h= tag as specified by RFC6376 secton 5.4 and 5.4.1.
On Tue, 8 Dec 2020 12:13:57 +0000 Tim Bray via mailop <[email protected]> wrote: > Hi, > > I'm wondering if it might be a good idea to strip all sender names from > emails coming into our corporate email system. To avoid a false name > being used by a scammer. > > So rewrite a header like > > `From: Bob Smith <[email protected]>` to `From: [email protected]` > > Because the domain part is checked by SPF and DKIM. The but name (Bob > Smith) is not. > > Background: > > Some people at work fell for a scam email where the From line was > > From: =?UTF-8?Q?Darren_Smith=C2=A0?= <[email protected]> > > That's a Darren_Smith with a non breaking space on the end. > [email protected] is the real scammer address. > > Darren Smith (not his real name) is the Managing director of their > employer. And they just trusted the name, and didn't check the > domain. To the more experienced members of staff it was so blatantly a > scam they just deleted it. To the junior members, they rushed to the > shops for amazon and google vouchers thinking they were on a special > mission for the big boss. £1300 lost, some maybe recovered. > > If I stripped the name, they would have seen [email protected] and > hopefully noticed sooner. > > Thoughts or ideas? > > > -- > Tim Bray > Huddersfield, GB > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
