Re: [exim] Anti Phishing Trick

Author: Marilyn Davis
Date:  
To: David Woodhouse
CC: exim-users, Nigel Metheringham
Subject: Re: [exim] Anti Phishing Trick
On Wed, 24 Aug 2005, David Woodhouse wrote:

> On Wed, 2005-08-24 at 09:01 -0700, Marilyn Davis wrote:
> > A forwarded message does not have the local_part@domain of the
> > recipient on the To: header.
>
> What makes you think that? It isn't necessarily true in the general
> case. I _often_ receive mail which is To: my primary address and Cc: to
> an address which gets forwarded there somehow.


But, we're not talking about the general case. We're talking about
Phish. Or mail from a legitimate banking institute. Phish tries hard
to look legitimate and puts one address on the To: header. Or at
least the phish I get looks like that.

If you have your bank sending you mail to 2 addresses that get
forwarded together, and makes you susceptible to phish, then you might
want to fix that. Again, it's not my responsibility.

How about: If there is a To: header that matches the recipient address
and the message fails SPF, then it's phish, or somebody else's mistake
and ought to be rejected so it can be fixed.

Anyone like that?

Marilyn
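
The rule proposed in the message above, sketched in Python as an added example that is not part of the original post. The function names and sample addresses are constructed, and the SPF result is assumed to be supplied by the MTA; the third sample is the To: plus Cc: situation from the quoted reply.

```python
from email import message_from_string
from email.utils import getaddresses


def normalize(addr):
    """Lower-case the domain only; the local part may be case-sensitive."""
    local, sep, domain = addr.strip().rpartition("@")
    return f"{local}@{domain.lower()}" if sep else addr.strip()


def to_addresses(raw_message):
    """Addresses in every To: header, ignoring display names."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("To", []))
    return {normalize(addr) for _name, addr in pairs if "@" in addr}


def verdict(raw_message, envelope_rcpt, spf_result):
    """'reject' only when SPF failed AND To: names the envelope recipient."""
    if spf_result != "fail":
        return "accept"
    if normalize(envelope_rcpt) in to_addresses(raw_message):
        return "reject"
    return "accept"  # recipient not on To:, e.g. a forwarded copy


def make(to, cc=None):
    """Build a constructed sample message."""
    lines = ["From: Bank <security@bank.example>", f"To: {to}"]
    if cc:
        lines.append(f"Cc: {cc}")
    return "\n".join(lines + ["Subject: Verify your account", "", "body"])


# Constructed samples; all addresses are made up.
DIRECT = make('"security@bank.example" <marilyn@EXAMPLE.org>')
FORWARDED = make("marilyn@alumni.example")
TO_AND_CC = make("marilyn@example.org", cc="marilyn@alumni.example")

if __name__ == "__main__":
    samples = [("direct", DIRECT), ("forwarded", FORWARDED), ("to+cc", TO_AND_CC)]
    for name, msg in samples:
        # Every sample is evaluated as delivered to the same mailbox with SPF fail.
        print(name, verdict(msg, "marilyn@example.org", "fail"))
```

With SPF failing in all three cases, the direct and To: plus Cc: samples are rejected and the forwarded one is accepted, because only the To: header is compared with the envelope recipient.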