On 4/9/20 9:19 AM, Grant Taylor wrote:
Would you be willing to rephrase your paragraph highlighting which addresses you are comparing when?
Thank you for the off-list reply Rick. I now understand that you are referring to the simple cases where the human friendly name is abused to look like the actual email address the sender wants recipients to see.
I thought you were trying to do something more complex like take the name portion of the human friendly name and match it against the company directory (possibly with reordering & case folding & etc.) to look up candidate email addresses for the name, then comparing those candidate names with the email address in the From: header and taking some form of action if there wasn't a match.
Now it seems like you are treating the fake address portion of the human friendly name as -- in Sendmail parlance -- a "protected recipient". If the fake address is on the list, then the email address had better match the fake address.
I wonder if this might be simplified a little bit. If the domain part of the fake address is one of the local domains -- "Class w" in Sendmail parlance -- then the email address must match the fake address. It seems like there would be less to look up working on just the domain part instead of full email addresses.
-- Grant. . . . unix || die
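
The domain-only check suggested in the message above, sketched in Python as an added example (not code from this thread or from Sendmail). `LOCAL_DOMAINS` is a constructed stand-in for class w, and `check_from` and the sample headers in the comments are hypothetical.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed stand-in for Sendmail's class w (local domains); an assumption.
LOCAL_DOMAINS = {"example.com"}

# Loose pattern for text in the display name that looks like an email address.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def check_from(header_value, local_domains=LOCAL_DOMAINS):
    """Classify a From: header value.

    Returns ("mismatch", fake) when the display name carries an address in a
    local domain that differs from the real address, ("unparseable", None)
    when no real address can be extracted, and ("ok", None) otherwise.
    """
    display, addr = parseaddr(header_value)
    addr = addr.lower()
    if "@" not in addr:
        return ("unparseable", None)

    # Decode RFC 2047 encoded-words so an encoded display name is checked too.
    try:
        display = str(make_header(decode_header(display)))
    except (LookupError, UnicodeError, ValueError):
        pass  # keep the raw display name if it cannot be decoded

    for match in ADDR_IN_NAME.finditer(display):
        fake = match.group(0).lower()  # case-fold before comparing
        domain = fake.rsplit("@", 1)[1]
        # Only the domain part is looked up; addresses in foreign domains
        # inside the display name are not this site's to police.
        if domain in local_domains and fake != addr:
            return ("mismatch", fake)
    return ("ok", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for sample in ('"ceo@example.com" <attacker@evil.test>',
                   '"ceo@example.com" <ceo@example.com>',
                   '"someone@other.test" <bulk@sender.test>'):
        print(sample, "->", check_from(sample))
```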