Anti-phishing using FROM text field information?

Peter H. Lemieux mailscanner at
Thu Aug 20 18:03:45 UTC 2020

I generally handle situations like this with SpamAssassin rules.  I'd 
give a negative score to messages with realname at realdomain and a larger 
positive score to messages with "CEO Smith" in the From line.

header REAL_PEOPLE         From =~ /mydomain\.com/i
score REAL_PEOPLE          -5

header PHONY_CEO           From =~ /CEO Smith/
score PHONY_CEO            15

Don't know if this would help with your problem.

To avoid spoofing I also have a rule on my inbound server that blocks 
messages arriving from outside allegedly from  That may 
not work for you if your users can send mail from outside the network 
with their actual addresses.


On 8/20/20 1:21 PM, Robert Foreman wrote:
> Sorry, I duplicated the VALID_LIST examples.
> If a FROM “Name” is found in VALID_LIST[any] and does NOT match any line in VALID_LIST, then DENY.
> I should not need to define all possible invalid email addresses for “CEO Smith”.  No AI or Bayes algorithm is needed.
> * Example Invalid:  "CEO Smith" <anything.else at>
> For small organizations with a limited number of people, including outside contacts, it should not be difficult to implement and avoid a large number of impersonation attacks.

More information about the MailScanner mailing list