spamassassin-users mailing list archives

From Charles Sprickman <>
Subject Re: New whitelisting trick using from and spf
Date Mon, 06 Mar 2017 22:52:41 GMT

> On Mar 6, 2017, at 12:58 PM, David B Funk <> wrote:
> On Mon, 6 Mar 2017, Alan Hodgson wrote:
>>> It seems it should be easy to set up “If mail claims to be From:
>>> and is not from PayPal, score +100” but it is not.
>> This is what DMARC is for.
>> Run opendmarc as a milter and reject failures. Or score later on DMARC
>> failure, even if just selectively for highly phished domains.
>> PayPal publishes p=reject, on at least, if not their other domains.
> But that won't help you when the scammers set the user visible from as ""
> or some other variant (with the actual address part as <> or something
> user-agents (such as OutHouse) by default only show the "comment" part of the address
> and hide the actual <> address part, making it easy for scammers to fool the non-tech
> savvy users.

And OS-X in some configurations, and iOS Mail.

They all fail not just for making phishing so much easier, but get on the phone with a novice
user using any of these email clients and ask them to give you the actual email address of
a sender, especially when they have, for example, two people named “John Smith” emailing
them…  It’s a terrible, terrible idea to hide things to make email easier.


> -- 
> Dave Funk                                  University of Iowa
> <dbfunk (at)>        College of Engineering
> 319/335-5751   FAX: 319/384-0549           1256 Seamans Center
> Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
> #include <std_disclaimer.h>
> Better is not better, 'standard' is better. B{
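
The mismatch discussed in this thread (a From: display name that looks like a trusted sender while the real address belongs to another domain, so DMARC evaluated on that real domain does not catch it) can be checked mechanically. The following is an added example, not code from the thread or from SpamAssassin; the `PROTECTED` table, the function names and all sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: brand keyword -> domains allowed to use it in the display name.
PROTECTED = {"paypal": {"paypal.com"}}

# An e-mail address embedded in the display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def _under(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def display_name_spoof(from_header):
    """Return the reasons the visible name disagrees with the real address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []

    # 1. The name shows an address whose domain differs from the real one.
    for match in ADDR_IN_NAME.finditer(name):
        shown = match.group(1).lower()
        if shown != domain:
            reasons.append(f"name shows @{shown}, address is @{domain}")

    # 2. The name uses a protected brand, but the address is not under it.
    folded = name.lower()
    for brand, allowed in PROTECTED.items():
        if brand in folded and not _under(domain, allowed):
            reasons.append(f"name mentions {brand}, address is @{domain}")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"service@paypal.com" <billing@mailer.example.net>',
        '"PayPal Billing" <notice@example.net>',
        "PayPal Support <security@paypal.com>",
        '"John Smith" <john@example.org>',
    ):
        print(header, "->", display_name_spoof(header) or "ok")
```

RFC 2047 encoded display names are not decoded here and would need decoding before the comparison.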
