Re: Spoofed From: names

2020-04-11 Thread RW
On Sat, 11 Apr 2020 15:16:35 -0400 Rick Cooper wrote: > On April 11, 2020 3:08:15 PM EDT, RW > wrote: > >On Sat, 11 Apr 2020 19:58:02 +0100 > >RW wrote: > > > > > >> > >> The first one was cited as a format used in forwarded ham. The > >> other two are common in spam. > >> > >> The point of

Re: Spoofed From: names

2020-04-11 Thread Rick Cooper
On April 11, 2020 3:08:15 PM EDT, RW wrote: >On Sat, 11 Apr 2020 19:58:02 +0100 >RW wrote: > > >> >> The first one was cited as a format used in forwarded ham. The other >> two are common in spam. >> >> The point of this spamming technique is that many clients show only >> the display name

Re: Spoofed From: names

2020-04-11 Thread RW
On Sat, 11 Apr 2020 19:58:02 +0100 RW wrote: > > The first one was cited as a format used in forwarded ham. The other > two are common in spam. > > The point of this spamming technique is that many clients show only > the display name in the message list. Consequently the three headers > will

Re: Spoofed From: names

2020-04-11 Thread RW
On Sat, 11 Apr 2020 11:46:04 -0600 Grant Taylor wrote: > On 4/11/20 9:49 AM, RW wrote: > > I see that the plugin rules don't distinguish between the > > irresponsible format of: > > > >From: "Mr Bill (mb...@legitemail.com)" > > > > > > and more seriously deceptive formats like: > > > >

RE: Spoofed From: names

2020-04-11 Thread Rick Cooper
Grant Taylor wrote: > On 4/11/20 9:49 AM, RW wrote: >> I see that the plugin rules don't distinguish between the >> irresponsible format of: >> >>From: "Mr Bill (mb...@legitemail.com)" >> >> >> and more seriously deceptive formats like: >> >>From: "mb...@legitemail.com" >>From:

Re: Spoofed From: names

2020-04-11 Thread Grant Taylor
On 4/11/20 9:49 AM, RW wrote: I see that the plugin rules don't distinguish between the irresponsible format of: From: "Mr Bill (mb...@legitemail.com)" and more seriously deceptive formats like: From: "mb...@legitemail.com" From: "Mr Bill " I feel like all three examples that

Re: Spoofed From: names

2020-04-11 Thread Pedro David Marco
As far as I remember (like Grant, I need my caffeine truck as well), there are some MS Outlook CVEs related to the way MS Outlook shows the "From:" information, to the extent of showing just some "piece" of it... So this kind of "From:" may have significant impact on unpatched computers...

Re: Spoofed From: names

2020-04-11 Thread RW
On Thu, 9 Apr 2020 16:17:51 -0400 Kevin A. McGrail wrote: > On 4/9/2020 10:16 AM, micah anderson wrote: > > What is the current state of the art for dealing with tricking > > people in the From with the "Name" part? For example: > Hi Micah, I believe the FromNameSpoof plugin is the current

Re: Spoofed From: names

2020-04-09 Thread Kevin A. McGrail
On 4/9/2020 10:16 AM, micah anderson wrote: > What is the current state of the art for dealing with tricking people in > the From with the "Name" part? For example: Hi Micah, I believe the FromNameSpoof plugin is the current state of the art. -- Kevin A. McGrail kmcgr...@apache.org Member,

Re: Spoofed From: names

2020-04-09 Thread Grant Taylor
On 4/9/20 10:12 AM, Lindsay Haisley wrote: I don't know. I'm no SA expert, but I've worked with DMARC mitigation code and would assume that a RFC-2822 compliant understanding of the From address would be the first step. More caffeine and a little more Googling, I think that SpamAssassin

Re: Spoofed From: names

2020-04-09 Thread Grant Taylor
On 4/9/20 9:19 AM, Grant Taylor wrote: Would you be willing to rephrase your paragraph highlighting which addresses you are comparing when? Thank you for the off-list reply Rick. I now understand that you are referring to the simple cases where the human friendly name is abused to look like

Re: Spoofed From: names

2020-04-09 Thread Lindsay Haisley
On Thu, 2020-04-09 at 10:02 -0600, Grant Taylor wrote: > Please elaborate > on what else SpamAssassin needs to know about and do. I don't know. I'm no SA expert, but I've worked with DMARC mitigation code and would assume that a RFC-2822 compliant understanding of the From address would be the

Re: Spoofed From: names

2020-04-09 Thread Grant Taylor
On 4/9/20 9:33 AM, Lindsay Haisley wrote: This is actually a common, legitimate technique for dealing with DMARC mitigation issues on mailing lists and mail redirections. Yes, re-writing the From: address is a common technique. How it's re-written is important. (See below.) I don't know

Re: Spoofed From: names

2020-04-09 Thread Lindsay Haisley
On Thu, 2020-04-09 at 10:47 -0400, Rick Cooper wrote: > I wrote my own plugin for that but I don't score very high anymore because > of things like this: > (obviously Mr Bill is not real but the netsuite address is) > > From: "Mr Bill (mb...@legitemail.com)" > > I find more and more

Re: Spoofed From: names

2020-04-09 Thread Grant Taylor
On 4/9/20 8:47 AM, Rick Cooper wrote: For detecting possible fraud addresses involving our own people I wrote a backend look up for exim that looks at any name like "Rick Cooper" and compares that to a DB with all email addresses for all employees in all locations and then, if the actual

RE: Spoofed From: names

2020-04-09 Thread Rick Cooper
ddresses that person may have. It also adds a X-Header that SA can score on at the same time. Rick -Original Message- From: micah anderson [mailto:mi...@riseup.net] Sent: Thursday, April 09, 2020 10:17 AM To: users@spamassassin.apache.org Subject: Spoofed From: names Hi, What

Spoofed From: names

2020-04-09 Thread micah anderson
Hi, What is the current state of the art for dealing with tricking people in the From with the "Name" part? For example: From: "supp...@example.com" The "Real Name" part is used to put a fake email address of the actual domain (example.com would be my domain, or gmail.com or something other