Anti-phishing using FROM text field information?

Robert Foreman rforeman at lsfiore.com
Thu Aug 20 14:33:37 UTC 2020


I am trying to describe an anti-phishing technique with an official VALID_LIST, without using AI or statistical analysis.  I don’t know why this hasn’t been implemented as an option for smaller organizations.

* Define VALID_LIST[1]:  "CEO Smith" <noreply at business-cloud.com>
* Define VALID_LIST[2]:  "CEO Smith" <ceo_smith at business-LAN.com>

Examine the mail header FROM.
* Define VALID_LIST[1]:  "CEO Smith" <noreply at business-cloud.com>
* Define VALID_LIST[2]:  "CEO Smith" <ceo_smith at business-LAN.com>

If a FROM “Name” is found in VALID_LIST[any] and does NOT match any line in VALID_LIST, then DENY.

I should not need to define invalid email addresses for “CEO Smith”.
* Example Invalid:  "CEO Smith" <anything.else at whatever.com>

Is this implemented anywhere?  Am I completely wrong that this pseudocode example will not help stop phishing messages attempting to use the FROM field to impersonate people’s names?
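The rule from the message above, sketched in Python as an added example; it is not code from the original post or from MailScanner. It assumes the VALID_LIST addresses are written with `@` in place of the archive's " at ", and the names `norm_name`, `PROTECTED` and `verdict` are hypothetical. Display names are normalized before comparison so that RFC 2047 encoding, case and spacing variants of a protected name are still caught.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# The post's VALID_LIST as (display name, address) pairs.
VALID_LIST = [
    ("CEO Smith", "noreply@business-cloud.com"),
    ("CEO Smith", "ceo_smith@business-LAN.com"),
]

def norm_name(name):
    """Decode RFC 2047 encoded-words, then fold case, width and spacing."""
    text = str(make_header(decode_header(name)))
    text = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(text.split())

# Protected display name -> set of addresses allowed to use it.
PROTECTED = {}
for _name, _addr in VALID_LIST:
    PROTECTED.setdefault(norm_name(_name), set()).add(_addr.lower())

def verdict(from_header):
    """DENY when a protected name is paired with an address not in VALID_LIST."""
    name, addr = parseaddr(from_header)
    allowed = PROTECTED.get(norm_name(name))
    if allowed is None:
        return "NOT_LISTED"  # name is not protected; the rule does not apply
    return "ALLOW" if addr.lower() in allowed else "DENY"

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    '"CEO Smith" <noreply@business-cloud.com>',
    '"CEO Smith" <anything.else@whatever.com>',
    '=?utf-8?q?CEO_Smith?= <anything.else@whatever.com>',
    'ceo   smith <anything.else@whatever.com>',
    '"Jane Doe" <jane@whatever.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{verdict(header):10} {header}")
```

The check constrains only the display name: the listed addresses can themselves be forged in the From header unless SPF, DKIM and DMARC results are enforced for those domains. Normalization here does not cover lookalike characters from other scripts.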


More information about the MailScanner mailing list