On 28/06/2016 at 16:13, David Jones wrote:
From: RW <rwmailli...@googlemail.com>

That won't work in this example because nothing has actually been
spoofed.

...

All it takes is a compromised account on a trusted mail server (happens
all of the time) to provide a conduit for this type of phishing email.  Very
easy to do which is why we are going to see more and more of this.

Or, if your company is a worthwhile target, it is equally easy for the scammer to set up a lookalike domain and configure it with proper SPF, DKIM and the like. Who's going to notice that the message came from examp1e.com instead of example.com?

Theoretically, of course, custom SA rules could be written to detect such lookalikes, but even then, all it takes is for a scammer to have a slightly better imagination than the person writing the rules!

--
John
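
The lookalike check discussed in the message above, as an added example that is not part of the original post and is not a SpamAssassin rule: it generalizes the examp1e.com case to a small table of character substitutions plus an edit-distance test. The protected-domain list, the substitution table, the threshold and all function names are assumptions chosen for illustration.

```python
# Added example: classify a sender domain against domains you want to protect.
PROTECTED = {"example.com"}  # assumption: your own domain(s)

# Constructed, non-exhaustive table of visually confusable ASCII substitutions.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s")]


def skeleton(domain):
    """Collapse confusable characters so lookalikes map to the same string."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender_domain, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched_protected_domain_or_None)."""
    d = sender_domain.lower().rstrip(".")
    if d in protected:
        return ("legit", d)
    for p in sorted(protected):
        if skeleton(d) == skeleton(p):
            return ("lookalike-confusable", p)
        if edit_distance(d, p) <= max_distance:
            return ("lookalike-typo", p)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample sender domains.
    for dom in ["example.com", "examp1e.com", "exarnple.com", "exampple.com"]:
        print(dom, classify(dom))
```

A domain that passes SPF and DKIM but classifies as a lookalike is the case described in the message; the check only catches variations covered by its table and threshold.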
