From header modification - phishing protection

Discussions on webmail and the Professional version.
Post Reply
dreniarb
Posts: 316
Joined: Mon Jan 19, 2004 5:00 pm
Location: Marion, IN

From header modification - phishing protection

Post by dreniarb » Thu Sep 13, 2018 11:57 am

Mdaemon has a feature called From Header Modification:

http://help.altn.com/mdaemon/en/securit ... ection.htm
This security feature modifies the "From:" header of incoming messages to cause the name-only portion of the header to contain both the name and email address. This is done to combat a common tactic used in spam and attacks where the message is made to appear to be coming from someone else. When displaying a list of messages, email clients commonly display only the sender's name rather than the name and email address. To see the email address, the recipient must first open the message or take some other action, such as right-click the entry, hover over the name, or the like. For this reason attackers commonly construct an email so that a legitimate person or company name appears in the visible portion of the "From:" header while an illegitimate email address is hidden. For example, a message's actual "From:" header might be, "Honest Bank and Trust" <lightfingers.klepto@example.com>, but your client might display only "Honest Bank and Trust" as the sender. This feature changes the visible portion of the header to display both parts. In the above example the sender would now appear as "Honest Bank and Trust (lightfingers.klepto@example.com)" <lightfingers.klepto@example.com>, giving you a clear indication that the message is fraudulent.
Can Mailenable do anything like this? Recently a secretary received an email from "their boss" (ie. it was not their boss) who happened to be out of town. Their boss asked for 5 $100 itunes gift cards with the backs scratched off to be scanned and emailed back to them. Sure enough the secretary did just that. When their boss called later that day the secretary asked "were you able to use those gift cards" to which the boss replied "what gift cards?" :)

Anyways - if the from header had been modified to show the real reply-to email address the secretary probably would have seen that joejob@verizononline2018.net was not their boss' real email address.

Post Reply