Re: FROM header with two email addresses

[Benny Pedersen]

David Jones skrev den 2017-10-02 19:43:

https://pastebin.com/f07Gq1kZ
https://pastebin.com/FMsJNGba
This is catching this pretty well so far:

header          FROM_SPOOF_EMAIL_DISPLAY    From =~ 
/\@[a-z_]+?\.[a-z]{2,3} \</i
describe        FROM_SPOOF_EMAIL_DISPLAY    From trying to spoof an
email address in the display name
score           FROM_SPOOF_EMAIL_DISPLAY    4.2

From:  some...@example.com <maintena...@soldive.fr>

also imho from:name must be with qouted content like

From: "some...@example.com" <maintena...@soldive.fr>

for being rfc valid, was the extra space from from: added by you ?, i 
have only seen spam bots do this

you miss hits on tld with the above tests with only support 3 chars 
tlds, no ?