Hi List,

Lately, our customers are getting an increased amount of phishing emails, or emails containing malware, with legit-looking From: headers from either banks or even from our own customer support.

SPF would block the From email addresses if they were also used as envelope sender. But the envelope sender, 'hidden' from the customer's perspective, is different and does match SPF. So we get complaints about why we let such emails with a faked From: header through our content filter.

As we use MIMEDefang as filter, we can easily match From and envelope sender and do something with it, like increasing the spam score. But:

* A lot of ESPs sending newsletters have a different From and envelope sender to manage bounces.
* Mailing lists use different From headers.
* SRS

So another thought was to append the string 'Possible fake sender' to the From: header string. But this would also match an awful lot of legitimate newsletters and possibly break DKIM signatures.

Has anyone come up with a clever recipe for this issue?

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Head of Commerce Customers
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
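
The From/envelope comparison described in the message above, with its three exceptions (ESP newsletters, mailing lists, SRS), as an added Python example that is not part of the original post and is not MIMEDefang code. The `protected` domain set, the score values, the two-label organizational-domain shortcut and all sample addresses are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# SRS0 local part: SRS0=<hash>=<timestamp>=<orig-domain>=<orig-local>
SRS0 = re.compile(r"^SRS0[=+-][^=]+=[^=]+=([^=]+)=(.+)$", re.I)

def org_domain(addr):
    """Organizational domain of an address ('' for the null sender <>)."""
    domain = addr.strip("<>").rpartition("@")[2].lower().rstrip(".")
    # Assumption: the last two labels approximate the organizational domain.
    # A production filter needs the Public Suffix List (co.uk, com.au, ...).
    return ".".join(domain.split(".")[-2:])

def unwrap_srs(envelope):
    """Original sender claimed by an SRS0-rewritten envelope address."""
    m = SRS0.match(envelope.strip("<>").rpartition("@")[0])
    return f"{m.group(2)}@{m.group(1)}" if m else envelope

def from_mismatch_score(envelope_sender, raw_headers, protected):
    """Return (score, reason) for the From: header vs. envelope sender."""
    msg = message_from_string(raw_headers)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1])
    env_dom = org_domain(envelope_sender)
    if not env_dom:
        return 0.0, "null sender"
    if not from_dom or from_dom == env_dom:
        return 0.0, "aligned"
    if from_dom in protected:
        # Checked before SRS and List-* because the receiver cannot verify
        # an SRS hash and anyone can add list headers.
        return 5.0, "protected From domain, foreign envelope"
    if from_dom == org_domain(unwrap_srs(envelope_sender)):
        return 0.0, "forwarded (SRS)"
    if "List-Id" in msg or "List-Unsubscribe" in msg:
        return 0.0, "list or ESP mail"
    return 1.0, "unaligned"

# Constructed sample data: hypothetical domains and score values.
PROTECTED = {"bank.example"}
PHISH = "From: Your Bank <support@bank.example>\nSubject: Verify\n\n"
NEWS = ("From: Shop <news@shop.example>\n"
        "List-Unsubscribe: <mailto:u@esp.example>\n\n")

if __name__ == "__main__":
    for env, hdr in [("x@mailer.example", PHISH), ("b-1@esp.example", NEWS),
                     ("SRS0=HHH=TT=shop.example=news@fwd.example", NEWS)]:
        print(env, from_mismatch_score(env, hdr, PROTECTED))
```

Because the protected check runs first, legitimately forwarded mail from a protected domain also scores high; forwarders that must be accepted would need their own allow-list.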