Just looking at a phishing email I received and at first glance I wasn't
sure how SA (or more specifically my SA install/configuration) didn't
score this as spam.
Looks like I have a whitelist set up for alerts from Comcast (probably a
bad idea, but let's address that separately).
The following header is the FROM in the message envelope.
From: =?utf-8?Q?B=CC=B7B=CC=B7&T?= <online.communications@alerts.comcast.net>
And the email is supposedly one telling me my credit card has been
compromised, click here to restore access, yada, yada, yada. (I do not
bank with BB&T at all.)
I am using the KAM and many of the other rules recommended by those on
this list. Besides the whitelist mistake, would this "disguised From"
be detected by some of the other rulesets (I also use KAM)? I thought I
read a post or announcement that this type of disguise was detected
pretty well?
Thanks for any help.
-AJ
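
Added example, not part of the original post and not code from SpamAssassin or the KAM ruleset: a Python sketch that decodes the RFC 2047 display name in the From header quoted above, lists the combining marks laid over the letters, and recovers the plain text a reader sees. The function name, the benign sample header and the "marks that survive NFC" heuristic are assumptions made for illustration.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# The From header quoted in the post above.
POSTED_FROM = "=?utf-8?Q?B=CC=B7B=CC=B7&T?= <online.communications@alerts.comcast.net>"
# Constructed benign sample: an accented name that NFC composes cleanly.
BENIGN_FROM = "=?utf-8?Q?Jos=C3=A9?= <jose@example.org>"


def is_mark(ch):
    """True for Unicode combining marks (categories Mn, Mc, Me)."""
    return unicodedata.category(ch).startswith("M")


def inspect_from(raw_from):
    """Decode the display name of a From header and look for overlay tricks."""
    # Split first, decode second: decoded names may contain '<' or ','.
    raw_name, address = parseaddr(raw_from)
    name = str(make_header(decode_header(raw_name)))

    # Marks that survive NFC have no precomposed form with their base
    # character, which is unusual in a real sender name (heuristic).
    leftover = [c for c in unicodedata.normalize("NFC", name) if is_mark(c)]

    # Strip every mark to recover the text the reader's eye sees.
    skeleton = "".join(
        c for c in unicodedata.normalize("NFD", name) if not is_mark(c)
    )
    return {
        "address": address,
        "display_name": name,
        "skeleton": skeleton,
        "marks": ["U+%04X %s" % (ord(c), unicodedata.name(c, "?")) for c in leftover],
        "suspicious": bool(leftover) and skeleton.isascii(),
    }


if __name__ == "__main__":
    for header in (POSTED_FROM, BENIGN_FROM):
        print(inspect_from(header))
```

The skeleton string is the form a brand-name rule would need to match, since a plain pattern for the brand never sees two adjacent letters in the raw or decoded header.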