On 12/6/2017 8:06 AM, Ian wrote:
> All 14 variations from the MailSploit website apart from #5 triggered the rule.  This is expected as the From: in #5 is simply:
>
>     From: "po...@whitehouse.gov" <d...@mailsploit.com>
>
> I.e. there doesn't seem to be an exploit in it ;)

Thanks Ian.  I appreciate the testing.

He's apparently over his AWS sending limit so I had to craft my test emails from the exploit info.  Good to know I did it correctly.

With a 10.0 rule, I'll consider the issue closed and that the SA rule will hammer the emails. So it should really be a non-issue if you use KAM.cf.

Re: #5.  There is an exploit in that From: where an Email Address is used in the Name Field.  There's been a lot of discussion about that type of email on list that it likely wouldn't apply to this group of rules.

Regards,
KAM
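
The #5 case discussed above, an email address in the name field that differs from the real sender address, can be checked as shown below. This is an added example, not part of the original thread and not the KAM.cf rule; the function name and sample headers are constructed, and the angle-bracket split is a simplification of full RFC 5322 parsing.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Loose address pattern, good enough to spot an address inside a display name.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Treat the last <...> as the real address and everything before it as the name.
FROM_RE = re.compile(r"^(?P<name>.*)<(?P<addr>[^<>\s]+)>\s*$", re.S)


def name_field_mismatch(from_value):
    """Return (claimed_domain, real_domain) when the display name carries an
    address from a different domain than the real address, else None."""
    m = FROM_RE.match(from_value)
    if not m:
        return None  # bare address, no name field to inspect
    raw_name = m.group("name").strip().strip('"')
    real_domain = m.group("addr").rpartition("@")[2].lower()

    # Decode RFC 2047 encoded-words so an encoded name is inspected as the
    # mail client would display it; fall back to the raw text if malformed.
    try:
        name = str(make_header(decode_header(raw_name)))
    except (HeaderParseError, LookupError, UnicodeError):
        name = raw_name

    for claimed in ADDR_RE.finditer(name):
        claimed_domain = claimed.group(1).lower()
        if claimed_domain != real_domain:
            return (claimed_domain, real_domain)
    return None


if __name__ == "__main__":
    # Constructed sample headers (not taken from the thread).
    samples = [
        '"potus@example.gov" <demo@example.net>',
        '=?utf-8?q?boss=40example.gov?= <demo@example.net>',
        '"Alice Example" <alice@example.org>',
        '"alice@example.org" <alice@example.org>',
    ]
    for s in samples:
        print(s, "->", name_field_mismatch(s))
```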