Hello Sebastian!
On Fri, 26 May 2023, Sebastian Arcus via Exim-users wrote:
> Hello. As so many scams around are based on impersonating someone inside the
> company, I am wondering if anyone here has considered the more extreme
> solution of completely removing any name in the From: header for incoming
> emails? I already have SPF/DKIM/DMARC in place, so the scammers can't
> actually impersonate the sending email address, but they keep on using the
> names of people with positions high up in the company. The risks of falling
> for such emails are much reduced at this stage, but now I'm wondering if the
> next step would be to just strip all names in the From: field altogether and
> just leave the email address? Can Exim do that, and has anyone considered it?
Have you heard of IDNs (domain names with unicode characters)? For
example, your domain is company.com and the bad guy registers c<some
unicode character looking like an o>mpany.com. Then he sets up
SPF/DKIM/DMARC for that domain and sends you an email. Could you tell just
from the email address if it's from your CEO or a scammer?
Removing the names to force users to look at the email address can help to
the lower the risk of falling for less sophisticated scams, but it
wouldn't work for more professional frauds.
ciao
Markus
--
/ Markus Reschke \
\ madires@??? /
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
