A filter for display name spoofing
I have been getting some spam/phish emails using Display Name Spoofing of some senders I recognize.
In each case the display name is in my personal address book, but the email address of this spam does not match and is different each time. The people being spoofed are aware this is going on but since the spam emails do not originate from their PCs or sometimes not even their ISPs, there isn't any easy fix on their end.
It would be useful to have an inbox filter that would check the personal address book for known display names and made sure the email address matched. Just highlighting a mismatch would be helpful.
Tutte le risposte (2)
Despite V128 not being offered to all users as yet you can manually download it from Thunderbird.net
The new version displays the display name and email address in the message list. Which appear to me to be what you want
As you can see from the image there are three option available for the way the sender is shown the first being the default.
Alternatively you could use the sending email address and a filter to tag the message where the email address is not in your address book
(Ignore the body line I was in the middle of doing something else)
That would see mail that comes from addresses not in your address book coloured with the tag color. I would think that would be a fairly obvious prompt that you really do not know the sender.
On my desktop, I am on v128 and see full name and address in received emails.
When I compose an email, the display name and address are taken from my address book. I assume that when I receive an email, the display name I see is always controlled by the sender as it is stored in the email header.
The problem is I have not memorized all the email addresses in my address book, but I do recognize the display names. There are a lot of John Smiths in the world which would could make filtering on display name a problem, but I have no duplicate display names currently.
Flagging new addresses is a good general solution as it will certainly catch the display name spoofing without trashing a possible display name duplicate that is legit. I think it would still be useful to be able to filter on display name alone and if it appears in the AB, the received address also matches the stored one. This would more accurately target a spoofing attack.
Something like: If 'From Display Name' is in 'Personal Address Book' And If 'From Address' is not in 'Matched Records' Then perform some action