Re: [exim] From rewrite for incoming messages

Author: Andrew C Aitchison
Date:  
To: Sujit Acharyya-Choudhury
CC: exim-users@exim.org
Subject: Re: [exim] From rewrite for incoming messages
On Fri, 28 Jun 2019, Sujit Acharyya-Choudhury via Exim-users wrote:

> Is there a safe way to rewrite From field for ALL incoming messages? 


Sadly there is not.

Or at least there is no way to determine *for all messages*
what would be a safe string to use as the replacement.

Each message can have two "from" lines; I can't remember the proper
terminology but call them "the Envelope From" and "the header From:",
and then there is the Reply-To: header too.
Some of these can contain more than one address and some can have a name
as well as an address.

Each of these is under control of the original sender.

SPF, DKIM, DMARC (and ARC) are all attempts at allowing intermediate
mail servers to verify and authenticate one or more of these
address/names, or at least saying "I cannot confirm this address".

This problem is well known and many people have attempted to find
solutions to what is ultimately a fundamental problem with SMTP,
but ultimately if you cannot trust every step of the chain there
is no way of computing a safe answer.

> We are having problems with Phishing where recipients only see the
> From field and assume it has come from a trusted person and then click
> on the link or download the file.
> An example is as follows:
>
> =======================================================
> From: Sujit Choudhury <mailto:englishmailer@protonmail.com>
> Date: Tue, 25 Jun 2019 at 12:22
> Subject: Hello
> To: mailto:j.baird@bbk.ac.uk <mailto:j.baird@bbk.ac.uk>
>  
> Are you in the office?
> Please click on the link below:
>
>
> =======================================================
> In this case j.baird thought that the mail came from me, and like many
> people reading their mails on phone, only the first part of the From field
> is visible.
>
>
>
>
> Regards
>
> Sujit
>
> Sujit Choudhury | IT Services
> Systems Administrator
> Birkbeck, University of London
> Tel: 020 3073 8020
>
>
>
>
>
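
Added example, not part of the original message and not Exim code: a Python sketch that flags, rather than rewrites, the case quoted above, where the header From: display name matches a staff member but the address is external. It also compares the Reply-To: and envelope sender domains with the header From:. The local domain set, the staff-name list and the finding labels are assumptions, and the sample message is constructed from the quoted headers.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAINS = {"bbk.ac.uk"}       # assumption: domains this site hosts
STAFF_NAMES = {"sujit choudhury"}   # assumption: constructed staff directory

# Constructed sample, based on the headers quoted in the thread.
SAMPLE = (
    "From: Sujit Choudhury <englishmailer@protonmail.com>\n"
    "To: j.baird@bbk.ac.uk\n"
    "Subject: Hello\n"
    "\n"
    "Are you in the office?\n"
)

def _domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_from(raw, envelope_from=None):
    """Return findings (hypothetical labels) about one message's sender fields."""
    msg = message_from_string(raw)
    findings = []
    senders = getaddresses(msg.get_all("From", []))
    # The header From: may legally carry several addresses; note anything but one.
    if len(senders) != 1:
        findings.append("from-address-count:%d" % len(senders))
    for name, addr in senders:
        clean = " ".join(name.lower().split())
        # Display name of a known staff member on a non-local address.
        if clean in STAFF_NAMES and _domain(addr) not in LOCAL_DOMAINS:
            findings.append("staff-name-external-address:" + addr)
    from_domains = {_domain(a) for _, a in senders}
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        if _domain(addr) not in from_domains:
            findings.append("reply-to-domain-differs:" + addr)
    # Informational only: mailing lists legitimately use a different envelope sender.
    if envelope_from and _domain(envelope_from) not in from_domains:
        findings.append("envelope-domain-differs:" + envelope_from)
    return findings

if __name__ == "__main__":
    for finding in check_from(SAMPLE, envelope_from="englishmailer@protonmail.com"):
        print(finding)
```

The findings are only as reliable as the staff-name list; every sender field remains under the control of the original sender, so the result suits tagging or warning rather than choosing a replacement From: value.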