A couple of points.. simply because the To/From are the same, is not an
absolute guide to spam, as this will often be the case in legitimate
email lists, auto generated messages, web forms, et al..
The reason it is a spammer favourite trick though, is hoping the end
user has mistakenly white-listed their domain and/or email address, to
bypass your filters.
And the To, will often be different than your email address for exactly
the same reason, it might be the first address on a large BCC, (empty to
would be worse) or a mailing list address..
What is more important is the value in the MAIL FROM: (EnvelopeSender),
and a pet peeve of mine is the 'too big to block' providers, who allow
emails to relay out or accept it via SMTP, when the domain in their
EnvelopeSender is OBVIOUSLY fake, eg who would send @gmail using a yahoo
server?
PS.. (OFF TOPIC) Spam Folder(s) showing a REALLY noisy day for hotmail
spam..
Mostly all scammers, 'mutual benifit', but always without ANY recipients
in the To or Cc..
NoRecipient rules, when the content is obvious pretending to be directed
to a single email box.. Is an easy catch for filtering.. even easier on
egress when the volumes are high ;)
On 17-06-14 11:17 AM, Laura Atkins wrote:
On Jun 14, 2017, at 10:24 AM, Stefano Bagnara <mai...@bago.org
<mailto:mai...@bago.org>> wrote:
My question is WHY gmail alert me when from and to are equals and
received from an external server but at the same time doesn't care to
alert me if the from is another gmail address or if the to doesn't
contain my address (because I was in CCN). Spoof emails usually try to
make you believe the sender is a friend/customer/coworker/supplier,
not yourself: that's why this message surprised me (Google preferred
to deal with a minor use case before the bigger use case).
That’s an easy one.
a) It’s a well defined use case (to/from are the same, comes from
outside service)
b) It’s common (spammers do this all the time)
c) False positives are not a big deal (if the mail really is to/from
same address, then the user knows they triggered the mail).
Overall, it may seem like a minor thing, but it’s easy to catch, easy to
define and has a low false positive rate. Even in your case - you know
you sent the mail, so it’s not really a big deal. Why wouldn’t you alert
on that?
laura
--
Having an Email Crisis? 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com <mailto:la...@wordtothewise.com>
(650) 437-0741
Email Delivery Blog: http://wordtothewise.com/blog
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
