On 8 Dec 2020, at 7:32, Mary via mailop wrote:

A solid idea, but you would have to avoid modifications to DKIM signed emails that sign the From header field via the h= tag as specified by RFC6376 sections 5.4 and 5.4.1.

Or validate the signature and re-sign the message including that validation before doing modifications.

I recognize the issues with that. They also exist with the increasingly widespread addition of "[EXTERNAL]" tags in Subject headers. They also exist with default and/or widely-used Sendmail behaviors with both From and To headers. DKIM is inherently fragile.


On Tue, 8 Dec 2020 12:13:57 +0000 Tim Bray via mailop <mailop@mailop.org> wrote:

Hi,

I'm wondering if it might be a good idea to strip all sender names from emails coming into our corporate email system, to avoid a false name being used by a scammer.

So rewrite a header like

`From: Bob Smith <b...@example.org>` to  `From: b...@example.org`

Because the domain part is checked by SPF and DKIM. But the name (Bob Smith) is not.

Background:

Some people at work fell for a scam email where the From line was

From: =?UTF-8?Q?Darren_Smith=C2=A0?= <mablecri...@gmail.com>

That's a Darren_Smith with a non-breaking space on the end.
mablecri...@gmail.com is the real scammer address.

Darren Smith (not his real name) is the Managing director of their employer. And they just trusted the name, and didn't check the domain. To the more experienced members of staff it was so blatantly a scam they just deleted it. To the junior members, they rushed to the shops for amazon and google vouchers thinking they were on a special mission for the big boss. £1300 lost, some maybe recovered.

If I stripped the name, they would have seen mablecri...@gmail.com and
hopefully noticed sooner.

Thoughts or ideas?


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
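The following is an added example (not code from anyone in this thread) that implements Tim's proposal with Mary's caveat: it rewrites `From: Bob Smith <bob@example.org>` to `From: bob@example.org`, but only when no DKIM-Signature on the message lists From in its h= tag, since modifying a signed header breaks the signature. The same h= check is reusable for the "[EXTERNAL]" Subject tags Bill mentions. Header names in h= are matched case-insensitively, per RFC 6376. The sample messages are constructed for this example: the scammer address, the DKIM selector and the `bh=`/`b=` values are placeholders, not real values from the thread; only the encoded word `=?UTF-8?Q?Darren_Smith=C2=A0?=` comes from Tim's message. Verifying the signature before re-signing (Mary's alternative) needs DNS and a DKIM library and is not shown.

```python
"""Strip From display names unless DKIM signs the From header.

Added example for the mailop thread on removing sender names; not the
project's or any poster's code.
"""
import email
import re
from email.header import decode_header, make_header
from email.message import Message
from email.utils import parseaddr

# Characters a human will not see but which let "Darren Smith " differ
# from the legitimate "Darren Smith" (the thread's sample used U+00A0).
INVISIBLE = "\u00a0\u200b\u200c\u200d\u2060\ufeff"


def dkim_covers(msg: Message, header_name: str) -> bool:
    """True if any DKIM-Signature lists header_name in its h= tag.

    h= is a colon-separated list of header names, compared without regard
    to case (RFC 6376 section 3.5); folding whitespace is ignored.
    """
    wanted = header_name.lower()
    for sig in msg.get_all("DKIM-Signature", []):
        for tag in str(sig).split(";"):
            name, _, value = tag.partition("=")
            if name.strip().lower() == "h":
                signed = re.sub(r"\s+", "", value).lower().split(":")
                if wanted in signed:
                    return True
    return False


def decode_display_name(from_value: str) -> tuple[str, str]:
    """Split a raw From value into (decoded display name, addr-spec)."""
    name, addr = parseaddr(from_value)
    if name:
        # Decode RFC 2047 encoded words such as =?UTF-8?Q?...?=
        name = str(make_header(decode_header(name)))
    return name, addr


def invisible_chars(name: str) -> list[str]:
    """Return the invisible code points present in a display name."""
    return [ch for ch in name if ch in INVISIBLE]


def rewrite_from(raw_message: str) -> tuple[Message, str]:
    """Return (message, action).

    action is 'stripped' when the display name was removed, 'kept-dkim'
    when From is DKIM-signed and therefore left alone, or 'kept' when
    there was no display name to strip.
    """
    msg = email.message_from_string(raw_message)
    name, addr = decode_display_name(msg.get("From", ""))
    if not name:
        return msg, "kept"
    if dkim_covers(msg, "From"):
        return msg, "kept-dkim"
    msg.replace_header("From", addr)
    return msg, "stripped"


# Constructed samples (addresses and DKIM values are placeholders).
SCAM_MESSAGE = (
    "From: =?UTF-8?Q?Darren_Smith=C2=A0?= <scammer@example.com>\n"
    "To: staff@example.net\n"
    "Subject: urgent task\n"
    "\n"
    "Please buy some vouchers.\n"
)

SIGNED_MESSAGE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=placeholder;\n"
    " h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Bob Smith <bob@example.org>\n"
    "To: staff@example.net\n"
    "Subject: quarterly figures\n"
    "\n"
    "Attached.\n"
)

if __name__ == "__main__":
    for raw in (SCAM_MESSAGE, SIGNED_MESSAGE):
        name, _ = decode_display_name(email.message_from_string(raw)["From"])
        msg, action = rewrite_from(raw)
        print(f"{action:10} From: {msg['From']!r} invisible={invisible_chars(name)}")
```

Run as a script it prints the scam message with its display name stripped and the DKIM-signed message untouched; in a milter or transport filter the `rewrite_from` result would replace the header before delivery.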
