On Thu, 18 Jan 2018, RW wrote:
> I think the hard part is handling IDNs, e.g.
>
> "=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" <f...@xn--bcher-kva.com>
>
> the display name should decode to the UTF-8 byte sequence for
> foo@bücher.com, but I presume the address would be left as the ASCII
> IDN.
>
> In the short term it's probably best to avoid matching on IDNs, but that
> does allow the use of homographs in spoofing ASCII domains.

Yeah, that occurred to me, and I decided to set that problem aside for
now (probably someone more familiar with the issues should address
it).


> BTW it's best to only match on the organizational domain, to avoid
> FPs on the likes of:

Do you (or anyone, for that matter) have samples of emails like this
that they could share for me to test against?


--
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines |              sha...@shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew
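
Added example, not part of the original thread or of any SpamAssassin code: one way to compare an address embedded in a From: display name with the real address when either side may be an IDN, by normalising both domains to their ASCII form first. The function names and sample headers are assumptions; it compares full domains (no organizational-domain reduction) and does no homograph detection.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Address-looking token inside a decoded display name; group 1 is the domain.
ADDR_IN_NAME = re.compile(r"[^\s<>()\"',;@]+@([^\s<>()\"',;@]+)")

def to_ascii_domain(domain):
    """Normalise a domain to lower-case ASCII (punycode) form for comparison."""
    domain = domain.strip().rstrip(".").lower()
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return domain  # not valid IDNA: fall back to the raw lower-cased text

def display_name_mismatch(from_header):
    """Return (name_domain, addr_domain) when the display name carries an
    address whose domain differs from the real address, otherwise None."""
    raw_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    # Decode RFC 2047 encoded-words such as =?UTF-8?B?...?= to text.
    name = str(make_header(decode_header(raw_name)))
    match = ADDR_IN_NAME.search(name)
    if match is None:
        return None
    name_dom = to_ascii_domain(match.group(1))
    addr_dom = to_ascii_domain(addr.rsplit("@", 1)[1])
    return None if name_dom == addr_dom else (name_dom, addr_dom)

# Constructed sample headers. The first reuses the display name quoted in the
# thread; its local part "user" is made up because the archive elides it.
SAMPLES = [
    '"=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" <user@xn--bcher-kva.com>',
    '"accounts@example.com" <billing@example.net>',
    'Plain Name <user@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", display_name_mismatch(header))
```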
