On Wed, 29 Mar 2017, Matus UHLAR - fantomas wrote:
On Tuesday 28 March 2017 13:58:43 Alex wrote:
> I'd like to be able to use the fact that the To address is not the
> same as the address shown in the Received header in a meta of some
> kind.
>
> How frequent would you think that would appear in ham alone? It's the
> basis for a number of phishing attacks here, so I'd like to see about
> using it in some way.
On 28.03.17 11:25, Alan Hodgson wrote:
Checking that the envelope recipient address is in To or Cc works great on
my
mail and also for any public role addresses like sales or support, but
probably not so much for general users. Any BCC will hit such a rule. And
of
course you have to exclude real mailing list mail.
that means such rule should exclude __HAS_LIST_ID
...which makes it trivially easy for a phisher to bypass.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
You are in a maze of twisty little protocols,
all written by Microsoft.
----------------------------------------------------------------------
3 days until April Fools' day
