I understand what you're saying. Yes, my email client only shows the fake email address, so to find the actual email address, I copy the header contents into an email header analyzer. I prefer https://mailheader.org/. It breaks apart the header really nicely and I can see the actual email address.
Thanks Daryl On Sun, Sep 20, 2020 at 11:34 PM @lbutlr <krem...@kreme.com> wrote: > On 20 Sep 2020, at 08:35, Daryl Rose <rosed...@gmail.com> wrote: > > I can blacklist the email address, but I know that won't help. Is there > a rule that I can set up to catch more phishing attempts? > > SPF and DMARC seem to be the only ways to deal with spams from large > senders that are faked, but what is considered ‘faked’ may nt always match > expectations. > > As an example, with many GUI mail clients the client shows the “nice” part > of the from, and does not show the actual address. So some scammer can send > an email from > > From: “supportad...@paypal.com” <spam...@spamsite.tld> > > And the recipient will only see a fake PayPal address. > > > -- > "...and Digby considered how much he liked salt..."