On Tue, 2017-10-24 at 13:22 +0200, Merijn van den Kroonenberg wrote:
> > Hello all, I was the original poster of this topic but was away for a
> > couple of days.
> > I find it amazing to see the number of suggestions and ideas that have
> > come up here.
> >
> > However none of the constuctions m
> Hello all, I was the original poster of this topic but was away for a
> couple of days.
> I find it amazing to see the number of suggestions and ideas that have
> come up here.
>
> However none of the constuctions matched "my" From: lines of the form
>
> From: "Firstname Lastname@" sendern...@re
On Mon, 16 Oct 2017 13:19:06 -0400
Mark London wrote:
> Hi - I received a spam message with the following double From address:
>
> From: struth...@psfc.mit.edu, "Lorraine M."
>
>
> But neither of the 2 previously suggested rules were triggered by
> it. I'm sure a simple modification to the rule
Hi - I received a spam message with the following double From address:
From: struth...@psfc.mit.edu, "Lorraine M."
But neither of the 2 previously suggested rules were triggered by it.
I'm sure a simple modification to the rules will cause it to trigger.
Can we get an official rule to test
On Thu, 5 Oct 2017 07:38:23 -0400
Kevin A. McGrail wrote:
On 10/5/2017 7:19 AM, Jakob Curdes wrote:
Not a lot, but the trick is that Outlooks displays both parts, and
users think that it is an internal mail because the "Firstname
Lastname" is real in the company and the "recipient-domain.com" i
On Thu, 5 Oct 2017 07:38:23 -0400
Kevin A. McGrail wrote:
> On 10/5/2017 7:19 AM, Jakob Curdes wrote:
> > Not a lot, but the trick is that Outlooks displays both parts, and
> > users think that it is an internal mail because the "Firstname
> > Lastname" is real in the company and the "recipient-
On 10/5/2017 7:19 AM, Jakob Curdes wrote:
Not a lot, but the trick is that Outlooks displays both parts, and
users think that it is an internal mail because the "Firstname
Lastname" is real in the company and the "recipient-domain.com" is the
real recipient domain.
So it is a trick to circumven
Hello all, I was the original poster of this topic but was away for a
couple of days.
I find it amazing to see the number of suggestions and ideas that
have come up here.
However none of the constuctions matched "my" From: lines of the form
From: "Firstname Lastname@" mailto:sendern...@real-se
On Thu, 5 Oct 2017 12:41:26 +0200
Jakob Curdes wrote:
> Hello all, I was the original poster of this topic but was away for a
> couple of days.
> I find it amazing to see the number of suggestions and ideas that
> have come up here.
>
> However none of the constuctions matched "my" From: lines o
Hello all, I was the original poster of this topic but was away for a
couple of days.
I find it amazing to see the number of suggestions and ideas that have
come up here.
However none of the constuctions matched "my" From: lines of the form
From: "Firstname Lastname@" sendern...@real-senders-d
Am 2017-10-02 19:43, schrieb David Jones:
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
I recently stumbled onto a mail with a Spam link where the FROM
header field looked like this:
From: "Firstname Lastname@" sendern...@real-senders-domain.com>
Jakob, just wanted to let you know I iden
On Mon, 2017-10-02 at 23:18 +0200, Benny Pedersen wrote:
> John Hardin skrev den 2017-10-02 23:13:
>
> > Where? \w is not case-sensitive.
>
> perfect then, i had not know that, learning still so
>
Do you have a copy of the 'Camel Book'? AKA "Programming Perl" by Larry
Wall, Tom Christiansen & Jo
John Hardin skrev den 2017-10-02 23:13:
Where? \w is not case-sensitive.
perfect then, i had not know that, learning still so
On Mon, 2 Oct 2017, Benny Pedersen wrote:
John Hardin skrev den 2017-10-02 21:07:
How about:
header __FROM_QUOTES From =~ /"/
header __FROM_MAYBE_SPOOF From:name =~ /\w@\w/
meta__FROM_SPOOF__FROM_MAYBE_SPOOF && !__FROM_QUOTES
(warning: totally untested)
John Hardin skrev den 2017-10-02 21:07:
How about:
header __FROM_QUOTES From =~ /"/
header __FROM_MAYBE_SPOOF From:name =~ /\w@\w/
meta__FROM_SPOOF__FROM_MAYBE_SPOOF && !__FROM_QUOTES
(warning: totally untested)
+1
i can only see one problem with it, that is
David Jones skrev den 2017-10-02 20:54:
I have gone back to my original rule that catches senders that put an
email addresss in the Display Name and do not have quotes.
also matches what i see, non spam have " around from:name while spam
have not
testing if there is a @ in from:name is 2nd
On Mon, 2 Oct 2017, David Jones wrote:
On 10/02/2017 01:11 PM, John Hardin wrote:
On Mon, 2 Oct 2017, David Jones wrote:
> On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
> >
> > > I recently stumbled onto a mail with a Spam link where the FROM
> > header > field looked like this:
> >
On 10/02/2017 01:11 PM, John Hardin wrote:
On Mon, 2 Oct 2017, David Jones wrote:
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
> I recently stumbled onto a mail with a Spam link where the FROM
header > field looked like this:
> > From: "Firstname Lastname@"
sendern...@real-senders-d
On Mon, 2 Oct 2017, David Jones wrote:
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
> I recently stumbled onto a mail with a Spam link where the FROM header
> field looked like this:
>
> From: "Firstname Lastname@" > sendern...@real-senders-domain.com>
Jakob, just wanted to let you
David Jones skrev den 2017-10-02 19:43:
https://pastebin.com/f07Gq1kZ
https://pastebin.com/FMsJNGba
This is catching this pretty well so far:
header FROM_SPOOF_EMAIL_DISPLAYFrom =~
/\@[a-z_]+?\.[a-z]{2,3} \
describeFROM_SPOOF_EMAIL_DISPLAYFrom trying to spoof an
email
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
I recently stumbled onto a mail with a Spam link where the FROM header
field looked like this:
From: "Firstname Lastname@" sendern...@real-senders-domain.com>
Jakob, just wanted to let you know I identified this issue as well and
just opened
Miles Fidelman skrev den 2017-09-27 20:42:
This could also be an attempt to get a mailing list to work.
i have seen few mails get dkim fail from apache.org, very few, but its
not normaly not dmarc fail for me on this, what is worse is that
opendmarc have still brokken spf support :(
even go
On Wed, 2017-09-27 at 11:42 -0700, Miles Fidelman wrote:
> This could also be an attempt to get a mailing list to work.
>
> There's a continuing problem with email list traffic getting bounced by
> DKIM, and various work-arounds - the gist is that the mail has to come
> from the list manager, bu
This could also be an attempt to get a mailing list to work.
There's a continuing problem with email list traffic getting bounced by
DKIM, and various work-arounds - the gist is that the mail has to come
from the list manager, but you still need a way to indicate the original
author of the mes
Am 27.09.2017 16:54 schrieb "Kevin A. McGrail" :
I recently stumbled onto a mail with a Spam link where the FROM header field
looked like this:
From: "Firstname Lastname@" mailto:sendern...@real-senders-domain.com>
>
Jakob, just wanted to let you know I identified this issue as well and
Kevin A. McGrail skrev den 2017-09-27 16:52:
I recently stumbled onto a mail with a Spam link where the FROM
header field looked like this:
From: "Firstname Lastname@"
Jakob, just wanted to let you know I identified this issue as well and
just opened a ticket about it yesterday to try and fig
I recently stumbled onto a mail with a Spam link where the FROM header
field looked like this:
From: "Firstname Lastname@" sendern...@real-senders-domain.com>
Jakob, just wanted to let you know I identified this issue as well and
just opened a ticket about it yesterday to try and figure ou
On 27 Sep 2017, at 3:16, Jakob Curdes wrote:
Hello all,
I recently stumbled onto a mail with a Spam link where the FROM header
field looked like this:
From: "Firstname Lastname@" sendern...@real-senders-domain.com>
which is displayed in different ways on different devices but most do
disp
Hello all,
I recently stumbled onto a mail with a Spam link where the FROM header field
looked like this:
From: "Firstname Lastname@"
which is displayed in different ways on different devices but most do display something resembling
an internal from address, maybe with an additional second e
29 matches
Mail list logo
