Would a plugin need to be created (or an existing one enhanced) to be
able to detect this type of spoofed From header?
From: "h...@hulumail.com !" <lany...@hotmail.com>
https://pastebin.com/vVhGjC8H
Does anyone else think this would be a good idea to make a rule that at
least checks both the From:name and From:addr to see if there is an
email address in the From:name and if the domain is different add some
points?
We are seeing more and more of this now that SPF, DKIM, and DMARC are
making it harder to spoof common/major brands that have properly
implemented some or all of them.
--
David Jones
