A very common spammers practice is to send a mails hiding the real senders and recipients, let me explain:
First example: They send spam/scam/phishing mails from
Second example: Spammers send mails from
On the first example the spammers/scammers wants to make people think that it comes from a legitimate account
On the second example, the spammers/scammers wants to make people think that it comes from a legitimate account
The problem with this emails is that they actually comes from a real accounts/domains, the domains have correct spf, rdn and dkim records, and the accounts actually exists, so all dkim, spf and rdn and other checks pass and this mails goes directly to inbox.
There is no way to see at naked eye that the emails really comes from other accounts or they are targeted to real accounts only if you see the headers or see the real sender making some taps or clicks on the "FROM" field on the email client, and this is a very big problem and security issue.
My clients and i receive dozens of this mails everyday... so my question:
Is there a way to reject mails that the FROM: AND/OR TO: fields do not match on the real sender/recipient that are on the headers?
First example: They send spam/scam/phishing mails from
[email protected] but in the FROM: field on the email client (webmail or any other app) it shows like is coming from [email protected]Second example: Spammers send mails from
[email protected] that in the FROM field on the email client (webmail or any other app) shows like is coming from [email protected] AND they send scam mails to any valid mail like [email protected] BUT on the TO: field on the email client (webmail or any other app) it shows that the mail is TO any other fake user like [email protected]On the first example the spammers/scammers wants to make people think that it comes from a legitimate account
[email protected] when it actually comes from [email protected]On the second example, the spammers/scammers wants to make people think that it comes from a legitimate account
[email protected] when it actually comes from [email protected], but also, they wants to make people think that the mail arrived on its mailbox by mistake because the TO: field says [email protected] when the mail actually was targeted to [email protected]The problem with this emails is that they actually comes from a real accounts/domains, the domains have correct spf, rdn and dkim records, and the accounts actually exists, so all dkim, spf and rdn and other checks pass and this mails goes directly to inbox.
There is no way to see at naked eye that the emails really comes from other accounts or they are targeted to real accounts only if you see the headers or see the real sender making some taps or clicks on the "FROM" field on the email client, and this is a very big problem and security issue.
My clients and i receive dozens of this mails everyday... so my question:
Is there a way to reject mails that the FROM: AND/OR TO: fields do not match on the real sender/recipient that are on the headers?
i was looking a way on exim website and github to make a request on something that could help to mitigate this mails but i could not find any, i do not think it would be difficult to implement something that could help on this but idk... 