From address is different to mailto: address RSS Back to forum
Hello Russell,
What you have just described is called "MIME/From header spoofing" - which is an entirely legal practice by RFC standards, thus spammers often exploit it. You may find the instructions on how to block this kind of spam in our related article at https://vamsoft.com/support/docs/articles/how-to-blacklist-self-spam#mime-sender-spoofing. I hope this helps.
@Daniel Novak (Vamsoft):
For extra points you can implement a test for similar domain names that at quick glance may fool your users. This would need to be an external agent. Levenstein distance measures how many character's change would be required to convert one domain name to another. This is one does not hit often but it was fun to do. This was how I got started:
http://www.codeproject.com/Tips/102192/Levenshtein-Distance-in-Windows-PowerShell
Hi, we are seeing an increase in emails, where by the sender address is from someone within our domain, even though the really email address is not. Here is one such email.
From: []
Sent: 21 April 2017 08:38
Is there a way to setup a check against this so the from and mailto domains have to match? If not then mark it as spam?
Thanks
Russell