[imp] pref to display full from address in mailbox list / message view
Michael Menge
michael.menge at zdv.uni-tuebingen.de
Wed Dec 6 11:49:11 UTC 2017
Hi,
in the last months, we have seen many spam and malware mails that have
used "forged" mail
addresses in the "display-name" part of the from address to misled
users to trust mails
that seam to be send by known senders.
With DMARC, SPF and DKIM it is now possible to verify the sender of a
mail. But IMP
does not display the "angle-addr" or "addr-spec" (see
https://tools.ietf.org/html/rfc5322#section-3.4)
by default in the mailbox list or the message view so users can be
fooled easily.
I know that it is displayed as tool-tip. But some/most users are not
aware of the
tool-tip and those that are will only use it, if they already suspect
that something
is wrong with the mail.
I would like that IMP would display the complete from address by default,
or at least an option or pref to configure that it is shown. IMP 4
used to display
the "angle-addr"/"addr-spec". I remember that displaying the full
address has been
discussed on one of the horde lists some time ago but I was unable to find the
old discussion. I remember that the suggestion has been rejected but
i can't remember the reasons.
I am aware that the space in the "From:" column in the mailbox list is
limited,
but in the message view there is enough space to display the full from
address.
This kind of "spoofing" has become a serious security problem for us
and our users.
Also the following link might be from interest
https://www.mailsploit.com/index
The demos shows that IMP has no problem with \0 and \n and Injections,
the tool-tip
shows the "real" domain, but it is not displayed by default.
Regards
Michael Menge
--------------------------------------------------------------------------------
M.Menge Tel.: (49) 7071/29-70316
Universität Tübingen Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung mail:
michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen
More information about the imp
mailing list