Anti-phishing using FROM text field information?

Peter H. Lemieux mailscanner at replies.cyways.com
Thu Aug 20 18:03:45 UTC 2020


I generally handle situations like this with SpamAssassin rules.  I'd 
give a negative score to messages with realname at realdomain and a larger 
positive score to messages with "CEO Smith" in the From line.

header REAL_PEOPLE         From =~ /mydomain\.com/i
score REAL_PEOPLE          -5

header PHONY_CEO           From =~ /CEO Smith/
score PHONY_CEO            15

Don't know if this would help with your problem.

To avoid spoofing I also have a rule on my inbound server that blocks 
messages arriving from outside allegedly from mydomain.com.  That may 
not work for you if your users can send mail from outside the network 
with their actual addresses.

Peter


On 8/20/20 1:21 PM, Robert Foreman wrote:
> Sorry, I duplicated the VALID_LIST examples.
> 
> If a FROM “Name” is found in VALID_LIST[any] and does NOT match any line in VALID_LIST, then DENY.
> 
> I should not need to define all possible invalid email addresses for “CEO Smith”.  No AI or Bayes algorithm is needed.
> * Example Invalid:  "CEO Smith" <anything.else at whatever.com>
> 
> For small organizations with a limited number of people, including outside contacts, it should not be difficult to implement and avoid a large number of impersonation attacks.
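
The VALID_LIST rule quoted above, sketched in Python as an added example (not code from either poster or from MailScanner). The list contents, the name check_from and the normalization steps are assumptions, and the sample addresses are constructed with "@" written out.

```python
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample data (assumption): protected display name -> the only
# addresses allowed to send under that name.
VALID_LIST = {
    "CEO Smith": {"ceo.smith@mydomain.com"},
    "Jane Doe": {"jane.doe@mydomain.com", "jdoe@partner.example"},
}

def _norm_name(name):
    """Decode RFC 2047 encoded words, then fold case, width and spacing."""
    try:
        name = str(make_header(decode_header(name)))
    except (HeaderParseError, LookupError, UnicodeError):
        pass  # undecodable: compare the raw text instead
    name = unicodedata.normalize("NFKC", name)
    return " ".join(name.split()).casefold()

# Pre-normalized index so lookups ignore case and spacing differences.
_INDEX = {_norm_name(n): {a.lower() for a in addrs}
          for n, addrs in VALID_LIST.items()}

def check_from(from_header):
    """Return "DENY" when a protected name is paired with an unlisted address."""
    name, addr = parseaddr(from_header)
    allowed = _INDEX.get(_norm_name(name))
    if allowed is None:
        return "PASS"  # name is not protected; other filters decide
    return "PASS" if addr.lower() in allowed else "DENY"

if __name__ == "__main__":
    for hdr in ('"CEO Smith" <ceo.smith@mydomain.com>',
                '"CEO Smith" <anything.else@whatever.com>',
                '=?UTF-8?B?Q0VPIFNtaXRo?= <x@whatever.com>'):
        print(check_from(hdr), hdr)
```

Exact matching after normalization does not catch look-alike characters or small variations such as "C.E.O. Smith"; those still need a regex rule or a scoring filter.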



