"ASSP development mailing list"
Datum: 21.04.2018 11:40
Betreff: Re: [Assp-test] Multiple From headers/regex based on
localdomains
So your domain is thockar.com therefore the forged domain would be
thockar.com-1.me
My example domain was a .co.uk therefore the forg
"ASSP development mailing list"
mailto:assp-test@lists.sourceforge.net>>
Datum: 21.04.2018 10:41
Betreff: Re: [Assp-test] Multiple From headers/regex based on
localdomains
Only to be clear - for my domain the domainname would be
ff: Re: [Assp-test] Multiple From headers/regex based on
localdomains
Only to be clear - for my domain the domainname would be 'thockar.com
.uk-1.me' - right?
Thomas
Von:"Colin Waring"
An:"ASSP development mailing list"
Datum:
Only to be clear - for my domain the domainname would be 'thockar.com
.uk-1.me' - right?
Thomas
Von:"Colin Waring"
An: "ASSP development mailing list"
Datum: 21.04.2018 09:51
Betreff: Re: [Assp-test] Multiple From headers/regex based on
loc
Thomas Eckardt
Sent: 21 April 2018 08:18
To: ASSP development mailing list
Subject: Re: [Assp-test] Multiple From headers/regex based on localdomains
>None of the addresses are actually @domain.tld
I'm right ? The used domains never ends with a valid TLD - so the domains never
exists? Or a
nt mailing list"
Datum: 20.04.2018 21:49
Betreff: Re: [Assp-test] Multiple From headers/regex based on
localdomains
Yes there is so this particular message gets caught which is great.
There is no guarantee that all emails with the -1.me also have multiple
from headers, also the -1.me
: ASSP development mailing list
Subject: Re: [Assp-test] Multiple From headers/regex based on localdomains
But there should be a scoring because of multiple Fom: and/or Sender: headers-
Thomas
Von:"Colin Waring"
An:"ASSP development mailing list"
Datum:
But there should be a scoring because of multiple Fom: and/or Sender:
headers-
Thomas
Von:"Colin Waring"
An: "ASSP development mailing list"
Datum: 20.04.2018 16:42
Betreff: Re: [Assp-test] Multiple From headers/regex based on
localdomains
Hi Th
the multiple from headers which is great.
All the best,
Colin.
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: 20 April 2018 15:24
To: ASSP development mailing list
Subject: Re: [Assp-test] Multiple From headers/regex based on localdomains
Colin,
solved build 18107 the problem for
Von:"cw"
An: "ASSP development mailing list"
Datum: 14.04.2018 09:47
Betreff:Re: [Assp-test] Multiple From headers/regex based on
localdomains
Hi Thomas,
Looks like a good feature. I'll have to double check the headers for this
message. I think the domain
r Name <
> *actualsmtpfromaddr...@legitimatebutcompromiseddomain.tld*
> >
>
> 'nofromValencePB' would be added two times - one time for each
> additionally From: header.
>
>
>
> Thomas
>
>
>
>
>
> Von: "Colin War
two times - one time for each
additionally From: header.
Thomas
Von:"Colin Waring"
An: "ASSP development mailing list"
Datum: 13.04.2018 20:55
Betreff: Re: [Assp-test] Multiple From headers/regex based on
localdomains
Thank you for the reply Thoma
nded in
the entry from localdomains.
All the best,
Colin.
From: Thomas Eckardt
Sent: 13 April 2018 16:55
To: ASSP development mailing list
Subject: Re: [Assp-test] Multiple From headers/regex based on localdomains
Colin,
'DoNoSpoofing4From' should do it - but it is'nt. Only th
Colin,
'DoNoSpoofing4From' should do it - but it is'nt. Only the first 'From:'
address is currently checked and this will not prevent this attack.
But it is possible to include 'sender: , reply-to: and errors-to:' in to
this check - which would catch this mails.
What do you think?
Thomas
14 matches
Mail list logo