Block real-name email spoofing

article #1572, updated 135 days ago

We see it fairly often. An email comes “From” a real name, but the actual email address is wrong, a spammer’s or scammer’s Gmail or worse. Once we saw this with a very slightly misspelled domain — let’s say “pondervorthy” instead of “ponderworthy”. I just learned of a way to handle it, when one has email filtration which can do it, and when it works for another reason:

Let’s say we’re protecting me. I know all of my email addresses, at work and home. If I set my email filtration system to consider spam everything From “Jonathan E. Brickman” and “Jonathan Brickman”, which does not come from any of my email addresses, that will take good care. The biggest risk is another person named Jonathan Brickman trying to email me. Reportedly, one should actually do it like this, scanning email headers:

FROM: Jonathan Brickman, FROM: "Jonathan Brickman

This is because some of the bad actors are adding spaces after the name text. So the final quote is not set up in the filter rule. It’s really two different FROM field lookups within headers of the email, OR’d, in this system.

Now there are a number of Jonathan Brickmans in the world, but I haven’t met one yet (if you are one, please do email me at jeb@ponderworthy.com, that way we both will have done so at least once); I’m not sure there are many Jonathan Edward Brickmans; but if I found that there were, I’d put in a nickname in parenthesis, set the filtration rule for it

FROM: Jonathan Brickman (JEB), FROM: "Jonathan Brickman (JEB)

and that should do the job nicely, giving me a unique “From” real name for filtration purposes.

There may be other “gotchas”, I will test this over time. It cannot do a comprehensive block, but can clearly help.

In Microsoft Outlook rules, some of the above logic seems to be missing: one cannot filter based on text or email addresses not in the header. I will be checking Exchange Online shortly. One third-party service is confirmed as working well for this.

Categories: