On Wed, 17 Jan 2018 15:32:38 -0600 (CST) sha...@shanew.net wrote:
> I started working on this, and quickly realized the hard part is
> determining/parsing the domain out of the From:name variable.

I think the hard part is handling IDNs, e.g.

"=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" <f...@xn--bcher-kva.com>

the display name should decode to the UTF-8 byte sequence for foo@bücher.com, but I presume the address would be left as the ASCII IDN. In the short term it's probably best to avoid matching on IDNs, but that does allow the use of homographs in spoofing ASCII domains.

BTW it's best to only match on the organizational domain, to avoid FPs on the likes of:

"f...@example.com" <f...@email.example.com>
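
The comparison discussed in this message, written out in Python as an added example that is not part of the original post or of any project's code: it decodes the display name, converts both domains to A-label form so an IDN shown in the name can be compared with its ASCII address, and compares organizational domains only. The function names, the four-entry suffix set standing in for the Public Suffix List, and the foo@ sample headers are constructed assumptions.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption): a real
# deployment loads the full list to find organizational domains.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}
ADDR_IN_NAME = re.compile(r"[^\s<>\"@]+@([^\s<>\"@]+)")

def to_alabel(domain):
    """Lower-case a domain and convert U-labels to ASCII A-labels."""
    try:
        return domain.strip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None  # not a usable hostname

def org_domain(domain):
    """Longest known public suffix plus one label, else None."""
    labels = domain.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i else None
    return None

def name_addr_mismatch(from_header):
    """True when the display name shows an address whose organizational
    domain differs from that of the real address."""
    raw_name, addr = parseaddr(from_header)
    try:
        name = str(make_header(decode_header(raw_name)))
    except (HeaderParseError, LookupError, UnicodeError):
        return False  # undecodable name: leave it to other rules
    shown = ADDR_IN_NAME.search(name)
    if not shown or "@" not in addr:
        return False
    domains = [to_alabel(shown.group(1)), to_alabel(addr.rsplit("@", 1)[1])]
    if None in domains:
        return False
    shown_org, real_org = (org_domain(d) for d in domains)
    if shown_org is None or real_org is None:
        return False  # suffix not in the list: do not guess
    return shown_org != real_org

if __name__ == "__main__":
    # Constructed sample From: headers
    for hdr in ('"=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" <foo@xn--bcher-kva.com>',
                '"foo@example.com" <foo@email.example.com>',
                '"foo@example.com" <foo@example.net>'):
        print(name_addr_mismatch(hdr), hdr)
```

Because both sides are reduced to A-labels before comparison, a lookalike IDN on either side produces a different string from the ASCII domain it imitates and is reported as a mismatch.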