On 4/9/20 8:47 AM, Rick Cooper wrote:
For detecting possible fraud addresses involving our own people I wrote a backend look up for exim that looks at any name like "Rick Cooper" and compares that to a DB with all email addresses for all employees in all locations and then , if the actual rcoo...@domain.com doesn't match any of those listed for that name, it rewrites the subject and appends a noticeable disclaimer to the subject line stating the email is not from rcoo...@domain.com and any other addresses that person may have. It also adds a X-Header that SA can score on at the same time.
Maybe it's the fact that I'm only a couple of drinks into my caffeine, but I'm having trouble unpacking that paragraph. Would you please clarify, possibly with an example failure. I think I'm mainly getting caught up on which part of the email you're comparing when.
From: "John Doe (j...@example.net)" <doe-j...@freemail.example.com>
\___________________________/ \_____________________________/
human friendly name email address
\______/ \________________/
name fake address
These are the terms that I usually use to describe these parts. -- I
wonder if there are any better terms that I should use.
Would you be willing to rephrase your paragraph hilighting which addresses you are comparing when?
Thank you. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
