From Self Spam....Kinda - ORF Forums


1

This is an oddball and maybe you can steer me in the right direction. I had a user get an email this morning that kinda looked like a self spam.
The from on Outlook looked like "" but the from was really " <>" according to the properties.

My question is, is there a way to have this checked so if the from has 2 separate email addresses in the from then I can flag it?

The email really did come from which I have checks for that part.

Thanks,
Jean

by jean.davis 1 month ago
2

@jean.davis: Hello Jean,

Since kkg.org has a published DMARC policy, you should enable the DMARC Test and mark the "Scrutinize misleading email addresses" checkbox enabled in the DMARC settings dialog (ORF Administration Tool: Blacklists | Authentication > DMARC Test > Settings). This will force the DMARC Test to query every domain found in the From header, not just the one(s) in the "address specification" part, and blacklist the email if it fails any of the DMARC checks.

Note, however, for this to work you will also have to change the value of the "p=" tag in the DMARC record of kkg.org, from "none" to "reject" (or "quarantine"). Otherwise, ORF will ignore the DMARC record. If you cannot edit the DMARC record, disable the "Take no action if a 'p=none' policy is discovered" option in the DKIM Settings dialog.

I hope the above proves helpful to you, but let me know if you need further assistance.

by Daniel Novak (Vamsoft) 1 month ago
(in reply to this post)
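
The situation discussed above, a display name that shows one address while the angle-bracket part carries another, can be illustrated with a short added example. It is not part of the original thread and not ORF's implementation: it only extracts the domains a DMARC check would have to cover and flags a mismatch. The function names and sample headers are constructed for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Loose matcher for address-like tokens inside a display name; captures the domain.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def decode_words(value):
    """Decode RFC 2047 encoded-words so an encoded address becomes visible."""
    try:
        return str(make_header(decode_header(value)))
    except (HeaderParseError, LookupError, UnicodeError):
        return value  # undecodable: fall back to the raw text

def from_domains(from_header):
    """Return (addr-spec domain, set of domains shown in the display name)."""
    value = from_header.strip()
    # The address specification is the last <...> group; anything before it
    # is the display name that mail clients show to the user.
    m = re.search(r"<([^<>]*)>\s*$", value)
    if m:
        display, addr_spec = value[:m.start()], m.group(1)
    else:
        display, addr_spec = "", value
    real = addr_spec.rpartition("@")[2].strip().lower()
    shown = {d.lower() for d in ADDR_RE.findall(decode_words(display))}
    return real, shown

def is_misleading(from_header):
    """True if the display name shows an address from a different domain.

    Exact comparison only: a subdomain of the same organization is also
    flagged, since no organizational-domain lookup is done here.
    """
    real, shown = from_domains(from_header)
    return any(domain != real for domain in shown)

# Constructed sample headers (not taken from the thread).
SAMPLES = [
    '"ceo@example.org" <billing@mailer.example.net>',
    '=?utf-8?q?ceo=40example.org?= <billing@mailer.example.net>',
    'Jean Davis <jean@example.org>',
    '"jean@example.org" <jean@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(is_misleading(header), from_domains(header), header)
```
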

3

Yes this helps. I'll work on getting that DMARC record changed. Thanks.

Side note, this website makes the arrows invisible. The from field was ::left arrow::::right arrow::

by jean.davis 1 month ago
4

@jean.davis: Yes, the angle brackets (and the content between) are removed because of security reasons. You can use HTML "special entities" to display these characters: https://www.htmlhelp.com/reference/html40/entities/special.html

&lt; Example &gt;

by Daniel Novak (Vamsoft) 1 month ago
(in reply to this post)
