On 12/8/20 11:04 AM, Jesse Thompson via mailop wrote:
I think your later statement suggests that you *almost* like the idea
;-) but would prefer the implementation to occur at the MUA level
instead of manipulation by MTAs.
Dislike of one thing (showing the friendly from) is not support for
an
On 08/12/2020 21:35, Ángel via mailop wrote:
By the way, how did the "buy amazon and google vouchers" work? That is
a new one for me. I am used to CEO fraud wanting to transfer a big
amount from the company account, not having the employees buying (with
their own money?) amazon vouchers.
pretty
At the small company I work at we see this sort of attack frequently.
Especially this time of year when the crooks dust off the ol’ “Busy
boss here. Need’ya to buy me gift cards as client gifts” scam. Over
the years, at least one employee has fallen for this, and another came
close. During non-
On 2020-12-08 at 12:13 +, Tim Bray wrote:
> If I stripped the name, they would have seen mablecri...@gmail.com
> and hopefully noticed sooner.
>
> Thoughts or ideas?
You would still have most of them falling when, next time, they email
you from darrensm...@bossmail.com though. :-/
I would re
On 8 Dec 2020, at 7:13, Tim Bray via mailop wrote:
Because the domain part is checked by SPF and DKIM. The but name
(Bob Smith) is not.
You're thinking too much of DMARC, which applies a concept of DKIM
signature "alignment" between the From header domain and the d= element
in a DKIM signat
On 12/8/20 11:26 AM, mailop@mailop.org wrote:
> But if it did happen - be ready for the chorus of... "But it used to show the
> person's name, why did it change? Can you change it back?"
That what I assumed too. However, the complaints are extremely low for us (we
do employ a nuanced approach
On 12/8/20 10:41 AM, mailop@mailop.org wrote:
> On 12/8/20 5:13 AM, Tim Bray via mailop wrote:
> I *REALLY* dislike the idea. I think it is fundamentally flawed, in a mostly
> non-technical way.
...
> This one of the reasons why I hate the idea of not showing the full email
> address in email c
On 8 Dec 2020, at 7:32, Mary via mailop wrote:
A solid idea, but you would have to avoid modifications to DKIM signed
emails that sign the From header field via the h= tag as specified by
RFC6376 secton 5.4 and 5.4.1.
Or validate the signature and re-sign the message including that
validatio
Here we go:
if !/^DKIM-Signature:/
/^From:.*<(.*)>/ REPLACE From: <${1}>
/^From:\s?(.*)(\s+\(.*)/ REPLACE From: <${1}>
endif
If its not a DKIM signed email, replace From addresses that match these formats:
From: Mr Fake
From: em...@address.tld (Mr Fake)
I just run a quick test with postfix,
Good idea or not, that's a debate.
But if it did happen - be ready for the chorus of... "But it used to show
the person's name, why did it change? Can you change it back?"
People don't respond well to change. Even if it's for the betterment of
humankind, that's not really comprehensible.
On Tu
> Background:
>
> Some people at work fell for a scam email where the From line was
>
> From: =?UTF-8?Q?Darren_Smith=C2=A0?=
We have been beating this drum for ages, most recently here:
https://www.theinternetpatrol.com/warning-having-email-display-senders-contact-image-and-info-helps-scammer
On 2020-12-08 at 16:13 +0200, Mary via mailop wrote:
> So in postfix you'd do something like this? (under header_checks)
>
> /^From:.*<(.*)>/ REPLACE From: $1
>
> I wrote that in my email client, so I don't expect my regex to work. I guess
> it would be fun to see how much damage I can do with s
On 12/8/20 5:13 AM, Tim Bray via mailop wrote:
Hi,
Hi,
I'm wondering if it might be a good idea to strip all sender names from
emails coming into our corporate email system. To avoid a false name
being used by a scammer.
So rewrite a header like
`From: Bob Smith ` to `From: b...@exampl
So in postfix you'd do something like this? (under header_checks)
/^From:.*<(.*)>/ REPLACE From: $1
I wrote that in my email client, so I don't expect my regex to work. I guess it
would be fun to see how much damage I can do with something like that...
On Tue, 8 Dec 2020 13:09:16 + Tim B
On 2020/12/08 13:09, Tim Bray via mailop wrote:
> On 08/12/2020 12:32, Mary via mailop wrote:
> > A solid idea, but you would have to avoid modifications to DKIM signed
> > emails that sign the From header field via the h= tag as specified by
> > RFC6376 secton 5.4 and 5.4.1.
>
> They aren't goi
On 08/12/2020 12:32, Mary via mailop wrote:
A solid idea, but you would have to avoid modifications to DKIM signed emails
that sign the From header field via the h= tag as specified by RFC6376 secton
5.4 and 5.4.1.
They aren't going to go any further once they will come in. So I don't
thin
A solid idea, but you would have to avoid modifications to DKIM signed emails
that sign the From header field via the h= tag as specified by RFC6376 secton
5.4 and 5.4.1.
On Tue, 8 Dec 2020 12:13:57 + Tim Bray via mailop wrote:
> Hi,
>
> I'm wondering if it might be a good idea to stri
Hi,
I'm wondering if it might be a good idea to strip all sender names from
emails coming into our corporate email system. To avoid a false name
being used by a scammer.
So rewrite a header like
`From: Bob Smith ` to `From: b...@example.org`
Because the domain part is checked by SPF and
18 matches
Mail list logo