On 12/03/2018 01:51 PM, Alan Hodgson wrote:
The problem though for phishes is that some user agents (ie. Outlook) only display the quoted user-friendly part of the address, not the rest of the From: header. So phishers specifically put a fake @domainbeingphished.com in quotes so your users will see that.
I know that it's strictly against protocol definition, but I've wondered about applying SPF and / or DKIM and / or DMARC to apparent email addresses in the human friendly part of From: headers.
I know that this is actively discouraged, but I do not consider it to be outside of the realm of consideration /if/ this was a large enough problem on my server.
It's your server and you're free to break other peoples rules as you see fit. My only request is that you be honest about the fact that you break the rules. ;-)
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
