> On Mar 6, 2017, at 12:58 PM, David B Funk <dbf...@engineering.uiowa.edu> wrote:
>
> On Mon, 6 Mar 2017, Alan Hodgson wrote:
>
>>> It seems it should be easy to setup “If mail claims to be From: PayPal.com
>>> and is not from PayPal, score +100” but it is not.
>>
>> This is what DMARC is for.
>>
>> Run opendmarc as a milter and reject failures. Or score later on DMARC
>> failure, even if just selectively for highly phished domains.
>>
>> PayPal publishes p=reject, on paypal.com at least, if not their other
>> domains.
>
> But that won't help you when the scammers set the user visible from as
> "acco...@paypai.com" or some other variant (with the actual address part as
> <acco...@example.com> or something else).
>
> User-agents (such as OutHouse) by default only show the "comment" part of the
> address and hide the actual <> address part, making it easy for scammers to
> fool the non-tech savvy users.
And OS-X Mail.app in some configurations, and iOS Mail. They all fail not just for making phishing so much easier, but get on the phone with a novice user using any of these email clients and ask them to give you the actual email address of a sender, especially when they have, for example, two people named “John Smith” emailing them… It’s a terrible, terrible idea to hide things to make email easier.

Charles

> --
> Dave Funk                               University of Iowa
> <dbfunk (at) engineering.uiowa.edu>     College of Engineering
> 319/335-5751   FAX: 319/384-0549        1256 Seamans Center
> Sys_admin/Postmaster/cell_admin         Iowa City, IA 52242-1527
> #include <std_disclaimer.h>
> Better is not better, 'standard' is better.  B{
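The display-name trick Dave describes above (a lookalike address such as acco...@paypai.com in the visible comment part, the real address hidden in the angle brackets) is exactly what DMARC cannot see, since DMARC only aligns the real addr-spec domain. It can, however, be caught on the receiving side before the message reaches a client that hides the address. The following is an added example and is not code from this thread or from opendmarc; the PROTECTED_DOMAINS list, the flag names and the sample headers are all constructed for illustration.

```python
"""
Flag From: headers whose visible display name disagrees with the real
addr-spec: an address-like string in the display part with a different
domain, a lookalike of a protected domain, or a protected brand name
with mail actually coming from somewhere else.
"""
import re

# Site-local list of heavily phished domains (assumption: the thread only
# names paypal.com; a real deployment maintains its own list).
PROTECTED_DOMAINS = {"paypal.com"}

# Everything before the final <...> is the display part; the bracket
# content is the real addr-spec.
_ANGLE_FORM = re.compile(r"^(?P<display>.*?)\s*<(?P<addr>[^<>]*)>\s*$", re.DOTALL)
# Something that looks like an e-mail address, capturing its domain.
_ADDR_LIKE = re.compile(r"[^\s<>@\"]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def split_from(header_value):
    """Split a From: value into (display_name, addr_spec).

    Deliberately lenient: an unquoted display name containing '@' (the
    shape described in the thread) still ends up in the display part
    instead of being mistaken for the address itself.
    """
    value = header_value.strip()
    m = _ANGLE_FORM.match(value)
    if not m:
        return "", value  # bare addr-spec, no display name
    display = m.group("display").strip()
    if len(display) >= 2 and display[0] == display[-1] == '"':
        display = display[1:-1]  # drop surrounding quotes
    return display, m.group("addr").strip()


def domain_of(addr_spec):
    """Lowercase domain part of an addr-spec, '' if there is none."""
    if "@" not in addr_spec:
        return ""
    return addr_spec.rsplit("@", 1)[1].lower().rstrip(".")


def levenshtein(a, b):
    """Classic edit distance; domains are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_same_or_subdomain(domain, parent):
    return domain == parent or domain.endswith("." + parent)


def analyze_from(header_value, protected=PROTECTED_DOMAINS):
    """Return a list of flags explaining why this From: looks like display-name spoofing."""
    display, addr = split_from(header_value)
    real_domain = domain_of(addr)
    flags = []

    # 1. An address-like string in the display name with a different domain
    #    than the real addr-spec.
    m = _ADDR_LIKE.search(display)
    shown_domain = m.group(1).lower() if m else ""
    if shown_domain and shown_domain != real_domain:
        flags.append("display_addr_domain_mismatch")

    # 2. The shown domain is one edit away from a protected domain (paypai/paypal).
    for p in sorted(protected):
        if shown_domain and shown_domain != p and levenshtein(shown_domain, p) <= 1:
            flags.append("display_addr_lookalike:" + shown_domain)

    # 3. A protected brand label appears in the display name, but the real
    #    address is not under that domain (where DMARC alignment would apply).
    for p in sorted(protected):
        brand = p.split(".")[0]
        if brand in display.lower() and not is_same_or_subdomain(real_domain, p):
            flags.append("brand_in_display_not_from_brand:" + p)
    return flags


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    samples = [
        '"accounts@paypai.com" <accounts@example.com>',
        "accounts@paypai.com <accounts@example.com>",
        "service@paypal.com <attacker@example.com>",
        "PayPal <billing@example.net>",
        "PayPal Service <service@paypal.com>",
        "Alan Hodgson <alan@example.org>",
    ]
    for s in samples:
        print(f"{s!r:55} -> {analyze_from(s)}")
```

In a milter or post-DMARC scoring step the returned flags would map onto scores much like the "+100" Alan wished for; the point of keeping the three checks separate is that a mismatch between shown and real domain is strong on its own, while a brand name alone in a display name needs a lower weight to avoid hitting legitimate forwarders and ticketing systems.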