On Fri, 4 Oct 2019, Philip wrote:
Morning List,
Lately I'm getting a bunch of emails that are showing up with two email
addresses in the From: field.
From: "Persons Name <lo...@address.nz>" <s...@address.com>
When you look in your mail client (Outlook, Thunderbird) it's showing only
"Persons Name <lo...@address.nz>"
Is there a way I can mark From: that has 2 email addresses in it as spam?
Pro's Cons?
Phil
I seem to remember past discussions of this sort of thing.
Bottom line, it's a mixed bag. There are legitimate messages that include an
address'ey looking in the "comment" part of the 'From:' header.
Use the "header rule_name From:name =~ /target\@some\.place/"
format rule (IE use the From:name field).
This works best when looking for spear-phishing type messages where you're
looking for specific kinds of deception, EG:
header T_PAPAL_PHISH4 From:name =~
/\b(?:Pay[Pp]al|service)\@paypal\.com\b/
For a general rule, I wouldn't treat it as a hard spam sign but use it in
combination with meta's
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
