Author: Marilyn Davis
Date:
To: David Woodhouse
CC: exim-users, Nigel Metheringham
Subject: Re: [exim] Anti Phishing Trick
On Wed, 24 Aug 2005, David Woodhouse wrote:
> On Wed, 2005-08-24 at 09:01 -0700, Marilyn Davis wrote:
> > A forwarded message does not have the local_part@domain of the
> > recipient on the To: header.
>
> What makes you think that? It isn't necessarily true in the general
> case. I _often_ receive mail which is To: my primary address and Cc: to
> an address which gets forwarded there somehow.
But, we're not talking about the general case. We're talking about
Phish. Or mail from a legitimate banking institute. Phish tries hard
to look legitimate and puts one address on the To: header. Or at
least the phish I get looks like that.
If you have your bank sending you mail to 2 addresses that get
forwarded together, and makes you susceptible to phish, then you might
want to fix that. Again, it's not my responsibility.
How about: If there is a To: header that matches the recipient address
and the message fails SPF, then it's phish, or somebody else's mistake
and ought to be rejected so it can be fixed.
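
The rule proposed in this message, sketched as an added example that is not part of the original post and is not Exim configuration. The function names, the sample messages and the SPF results passed in are constructed; the SPF check itself is assumed to happen elsewhere, and addresses are compared case-insensitively as a simplification.

```python
from email import message_from_string
from email.utils import getaddresses


def to_addresses(msg):
    """Lower-cased addresses found in every To: header of the message."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all("To", [])) if addr}


def verdict(raw_message, envelope_rcpt, spf_result):
    """Reject only when the recipient is named in To: AND SPF failed."""
    msg = message_from_string(raw_message)
    named_in_to = envelope_rcpt.lower() in to_addresses(msg)
    if named_in_to and spf_result == "fail":
        return "reject"
    return "accept"


def make(to, cc=None):
    """Build a constructed sample message (hypothetical sender and text)."""
    headers = ["From: Example Bank <service@bank.example>", "To: " + to]
    if cc:
        headers.append("Cc: " + cc)
    return "\n".join(headers + ["Subject: Account notice", "", "Please log in."])


# Constructed cases: (description, message, envelope recipient, SPF result)
CASES = [
    ("direct mail, To: matches, SPF fails",
     make("user@example.org"), "user@example.org", "fail"),
    ("direct mail, To: matches, SPF passes",
     make("user@example.org"), "user@example.org", "pass"),
    ("forwarded from an alias, To: names only the alias",
     make("alias@example.net"), "user@example.org", "fail"),
    # The case raised in the quoted reply: To: the primary address, Cc: an
    # alias forwarded to it. The forwarded copy is assumed to fail SPF.
    ("forwarded Cc: copy, To: names the primary address",
     make("User <USER@example.org>", cc="alias@example.net"),
     "user@example.org", "fail"),
]


def run_cases():
    """Return (description, verdict) for every constructed case."""
    return [(desc, verdict(raw, rcpt, spf)) for desc, raw, rcpt, spf in CASES]


if __name__ == "__main__":
    for desc, result in run_cases():
        print(f"{result:7} {desc}")
```

The last case is the one the two posters disagree about: the rule rejects the forwarded Cc: copy because To: still names the final recipient.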