spf-discuss

Re: possibilities for 2822 (was SPF implementations)

2005-08-17 23:09:27
Seth Goodman wrote:
From: Stuart D. Gathman [mailto:stuart(_at_)bmsi(_dot_)com]
Sent: Thursday, August 18, 2005 12:14 AM


<...>

My idea is to skip the blocking altogether.  Just make sure that
the MAIL FROM domain shows up in either From or Sender, by
adding or renaming and replacing Sender if required.  Presto,
the MAIL FROM domain is displayed in the world's most popular
MUAs.


That's a neat trick.  If there's already a Sender:, but from a different
domain, you could do what Frank suggested:  rename Sender: to
X-Original-Sender: and add a new Sender: header.  It will do a good job of
showing the real message originator to the average user on an MS MUA.  I
don't think that most phishes would be as effective if the From: line in MS
Outlook displayed,

From: Gluteus Maximus [i-m-a-phisher(_at_)nowhere(_dot_)cn] on behalf of EBay Billing Dept [billing(_at_)ebay(_dot_)com]


In fact, it might be a real coup to write a plug-in for each of those MUAs
to do this internally.  In that case, even if the MSA and MDA failed to
"fix" the headers, the user would still see the right thing.  Great idea!

Unfortunately not all MUAs display Sender in any form. I just checked and my Thunderbird appears to be among the ones that don't display it.

It's a neat hack, but I'm not sure how far it would go.

Scott K
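
The header rewrite discussed in this message, sketched as an added example that is not part of the original thread or any poster's code: if the MAIL FROM domain appears in neither From: nor Sender:, any existing Sender: is renamed to X-Original-Sender: and a new Sender: carrying the envelope address is added. The function name `align_sender`, the exact-match domain comparison, and the `.example` addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def _domains(msg, header):
    """Lower-cased domains of every address in all instances of `header`."""
    addrs = getaddresses(msg.get_all(header, []))
    return {a.rpartition("@")[2].lower() for _, a in addrs if "@" in a}


def align_sender(msg, mail_from):
    """Make the MAIL FROM domain visible in From: or Sender:.

    Returns True if headers were rewritten. A null reverse path (bounce)
    has no domain to show, so the message is left untouched.
    Assumption: domains must match exactly; subdomains are not folded.
    """
    env_addr = parseaddr(mail_from)[1]
    env_domain = env_addr.rpartition("@")[2].lower()
    if "@" not in env_addr or not env_domain:
        return False
    if env_domain in _domains(msg, "From") | _domains(msg, "Sender"):
        return False
    # Preserve every existing Sender: value under the new name, then replace.
    for old in msg.get_all("Sender", []):
        msg["X-Original-Sender"] = old
    del msg["Sender"]  # removes all Sender: headers; no error if none exist
    msg["Sender"] = env_addr
    return True


# Constructed sample: From: claims one domain, the envelope sender another.
SAMPLE = (
    "From: Billing Dept <billing@brand.example>\n"
    "Sender: helper@other.example\n"
    "To: user@recipient.example\n"
    "Subject: Account notice\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    align_sender(m, "<bounce@mailer.example>")
    print(m.as_string())
```
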

