Last active
February 7, 2019 13:51
Stop email spoofing that puts two email addresses in the From header. SpamAssassin rule
# Some malware spoofs email by putting two email addresses in the "From" header:
# From: Amazon Legit Account <confirm@amazon.com> <reception.lvh@hackedemail-domain.com>
# Email clients usually show only the first address.
# This is a local SpamAssassin rule to catch this kind of email spoofing.
describe LOCAL_TWO_FROM_EMAILS The From has two emails, probably email spoofing
header LOCAL_TWO_FROM_EMAILS From =~ /<.*\@.*>\s+<.*\@.*>/i
score LOCAL_TWO_FROM_EMAILS 9.0 # Set this value at your discretion
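
An added example, not part of the original gist: a small Python harness that runs the rule's regex over constructed From values before the rule is deployed, to confirm that it fires on the spoofed form from the comment and stays quiet on legitimate headers, including an RFC 5322 comma-separated author list. The `ANGLE_ADDR` helper and every sample value except the first are assumptions made for illustration.

```python
import re

# Same pattern as the LOCAL_TWO_FROM_EMAILS rule (Perl /i becomes re.IGNORECASE).
RULE = re.compile(r"<.*@.*>\s+<.*@.*>", re.IGNORECASE)

# Helper pattern (an addition, not part of the rule): extracts each <addr>
# so an analyst can see which address a client displays and which one follows it.
ANGLE_ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

# Constructed From values; only the first is taken from the rule's own comment.
SAMPLES = {
    "spoof_from_page": "Amazon Legit Account <confirm@amazon.com> "
                       "<reception.lvh@hackedemail-domain.com>",
    "single_address": "Alice Example <alice@example.org>",
    "bare_address": "alice@example.org",
    # Legitimate multi-author From: addresses are separated by a comma.
    "two_authors": "Alice <alice@example.org>, Bob <bob@example.net>",
}


def check_from(value):
    """Return whether the rule would fire, plus the bracketed addresses found."""
    addresses = ANGLE_ADDR.findall(value)
    return {
        "hit": RULE.search(value) is not None,
        "addresses": addresses,
        "domains": [a.rsplit("@", 1)[1].lower() for a in addresses],
    }


def evaluate(samples=SAMPLES):
    """Run check_from over every sample and return the results by name."""
    return {name: check_from(value) for name, value in samples.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        verdict = "HIT" if result["hit"] else "clean"
        print(f"{name:16} {verdict:5} {result['domains']}")
```

The `two_authors` case shows why the rule keys on `>` followed by whitespace and `<` rather than on the number of addresses: counting addresses alone would flag a valid comma-separated From list.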