From address is different to mailto: address - ORF Forums

From address is different to mailto: address RSS Back to forum

1

Hi, we are seeing an increase in emails, where by the sender address is from someone within our domain, even though the really email address is not. Here is one such email.
From: []
Sent: 21 April 2017 08:38

Is there a way to setup a check against this so the from and mailto domains have to match? If not then mark it as spam?
Thanks
Russell

Reply
by russell.singer 6 years ago
2

Hello Russell,

What you have just described is called "MIME/From header spoofing" - which is an entirely legal practice by RFC standards, thus spammers often exploit it. You may find the instructions on how to block this kind of spam in our related article at https://vamsoft.com/support/docs/articles/how-to-blacklist-self-spam#mime-sender-spoofing. I hope this helps.

Reply
by Daniel Novak (Vamsoft) 6 years ago
3

@Daniel Novak (Vamsoft): For extra points you can implement a test for similar domain names that at quick glance may fool your users. This would need to be an external agent. Levenstein distance measures how many character's change would be required to convert one domain name to another. This is one does not hit often but it was fun to do. This was how I got started:

http://www.codeproject.com/Tips/102192/Levenshtein-Distance-in-Windows-PowerShell

Reply
by Sam Russo 6 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2