Hi,
I've a couple of fun ones at the moment. Basically I'm getting reports of
phishing emails that get past everything.
The headers are like this:
Reply-to: Sender Name <n...@recipientdomain.tld-1.me>
To: recipi...@recipientdomain.tld
From: Sender Name <f...@domain.tld>
From: Sender Name <f...@domain2.tld>
From: Sender Name <actualsmtpfromaddr...@legitimatebutcompromiseddomain.tld>
These bypass no spoofing as none of the from/SMTP header domains are actually
the recipient domain. Annoyingly, Outlook chooses the Reply-to address to
display so it appears almost legitimate.
I'm aware that the RFCs allow multiple From headers, though I can't see any
legitimate reason for this so I was considering blocking or increasing spam
score based on this - is this possible with ASSP at the moment or not?
The second thing I was looking at doing was coming up with a regex.
Essentially, all recipient domains are in localdomains.txt so I'd want a regex
that would take all lines from localdomains. If the Reply-to or SMTP from
address is a line from localdomains with anything else after it, then bin it. I
accept that there may in some extremely obscure cases be a clash with a
legitimate domain but do not believe that to be likely. I'll have a look next
week to see if I can figure out a way to do it, but if there's something obvious
that you could let me know, that'd be great.
All the best,
Colin.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
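
The two checks asked about in the message above (more than one From header, and a Reply-to or SMTP from domain that is a localdomains entry with something appended), sketched as an added Python example; it is not ASSP code or configuration and was not part of the original post. LOCAL_DOMAINS, the function names and the sample message are constructed, with `.example` names standing in for the elided addresses.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for the lines of localdomains.txt.
LOCAL_DOMAINS = ["recipientdomain.example", "other-local.example"]

# Constructed message with the header layout from the post.
SAMPLE = (
    "Reply-to: Sender Name <name@recipientdomain.example-1.me>\n"
    "To: recipient@recipientdomain.example\n"
    "From: Sender Name <first@domain.example>\n"
    "From: Sender Name <second@domain2.example>\n"
    "From: Sender Name <actual@compromised.example>\n"
    "\n"
    "body\n"
)

def build_lookalike_regex(domains):
    """Match a domain that is a local domain with anything after it."""
    alts = "|".join(re.escape(d.strip().lower()) for d in domains if d.strip())
    if not alts:
        raise ValueError("no local domains given")  # empty list would match everything
    # (?:^|\.) starts at a label boundary; .+ demands a non-empty suffix,
    # so the genuine local domain itself never matches.
    return re.compile(r"(?:^|\.)(?:" + alts + r").+$")

def analyse(raw_message, envelope_from, lookalike):
    """Return findings for one message and its SMTP envelope sender."""
    msg = message_from_string(raw_message)
    findings = []
    from_count = len(msg.get_all("From", []))
    if from_count > 1:
        findings.append("multiple-from:%d" % from_count)
    checks = [("reply-to", a) for _, a in getaddresses(msg.get_all("Reply-To", []))]
    checks.append(("smtp-from", envelope_from))
    for label, addr in checks:
        domain = addr.rpartition("@")[2].lower()
        if lookalike.search(domain):
            findings.append("%s-lookalike:%s" % (label, domain))
    return findings

if __name__ == "__main__":
    rx = build_lookalike_regex(LOCAL_DOMAINS)
    for finding in analyse(SAMPLE, "actual@compromised.example", rx):
        print(finding)
```

Because the suffix is unrestricted, a local domain such as example.co also matches the unrelated example.com, which is the kind of clash the message mentions.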