Fixing email display name spoofing
The words "email" and "security" have never mixed, but some things are just too ridiculous to be left as they are.
There are several ways to spoof email, each with their own countermeasures:
- Sender email address -> DKIM and SPF
- Sender email display name -> Solution below
While researching ways to fix this, I came across different methods, ranging from database lookups of valid names to looking for suspicious patterns in the display name. None of those methods get to the root of the problem which is that
senders email display name should never have been a "field" that existed in the first place.
Whose idea was it to create a field where anyone can type in "John Smith" as their name, and to top it all off, the recipients mobile device happily says "you have email from John Smith". Really? From John Smith? Are you sure? No? Not even little bit sure? Is that because anyone can type in anything they want and there is nothing to verify it against? Then why would you show such information as if it's the truth? No thanks.
To reverse this horrible mistake, the solution is obvious. Let's remove email display name from existence and display only email addresses (which can still be spoofed, but at least there are countermeasures in place for anyone trying to get away with it)
vi /etc/postfix/header_checks/^FROM:.<(.@.)>/ REPLACE From: <$1> /^REPLY-TO:.<(.@.)>/ REPLACE Reply-to: <$1>postmap -r header_checkspostfix reload