On 26/05/2023 13:43, Markus Reschke via Exim-users wrote:
Hello Sebastian!
On Fri, 26 May 2023, Sebastian Arcus via Exim-users wrote:
Hello. As so many scams around are based on impersonating someone
inside the company, I am wondering if anyone here has considered the
more extreme solution of completely removing any name in the From:
header for incoming emails? I already have SPF/DKIM/DMARC in place, so
the scammers can't actually impersonate the sending email address, but
they keep on using the names of people with positions high up in the
company. The risks of falling for such emails are much reduced at this
stage, but now I'm wondering if the next step would be to just strip
all names in the From: field altogether and just leave the email
address? Can Exim do that, and has anyone considered it?
Have you heard of IDNs (domain names with unicode characters)? For
example, your domain is company.com and the bad guy registers c<some
unicode character looking like an o>mpany.com. Then he sets up
SPF/DKIM/DMARC for that domain and sends you an email. Could you tell
just from the email address if it's from your CEO or a scammer?
Removing the names to force users to look at the email address can help
to lower the risk of falling for less sophisticated scams, but it
wouldn't work for more professional frauds.
That is an interesting point - thank you for flagging it. I haven't seen
such a case yet in my setups, but I can see it being perfectly possible.
At the moment we are bombarded with emails of the type
From: Director Name <randomaddr...@gmail.com>
Hence why I was considering stripping the name from all incoming From:
headers. In general things are holding out quite well so far, as the
users are constantly reminded to be vigilant and the real domain can't
be spoofed because of DKIM/DMARC/SPF - but I am constantly looking into
ways to strengthen the security.
ciao
Markus