[UI] Better Alert for Spoofed Message
Idea shared by kevind - 3/11/2020 at 2:44 PM
Build 7242 shows this message when you view a spoofed message and it's pretty weak/vague:

This email has a mismatched email address. This can indicate spam.

So I propose something a bit stronger to get the user's attention:

WARNING: possible spam/phishing -- this message has a mismatched email address.

Yes, this probably indicates advertising, but not all advertising is spam (both unsolicited and unwanted).

Just as significantly, as soon as a user is told that there is a mismatch, he will want to see the mismatch. When there is no mismatch to be found, he is likely to respond in ways that are not useful.

However, I think it would be very interesting to just tell him the truth:

From:  "BigRetailer Loyalty Program" marketing@bigretailer.com

I expect users will quickly learn that some advertisers are more reputable than others.

Equally, we get a lot of spam where both addresses are for the same domain because they are using garbage domains instead of a mass mailer. But knowing that a message is advertising seems useful.

Some standardization of the "by" address is probably desirable, to remove at least VERP and BATV. Maybe unwrap SRS headers back to the original value. Then remove anything after a "+" in the localpart of the By address. This makes the text shorter and less confusing to the user.

Of course, everyone has an opinion, so there should probably be some opt-in/opt-out choices, at least at the domain level and above.
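
The "By" address clean-up described in the reply above, as an added example that is not part of the original thread or of the product's code. It assumes the common `SRS0`/`SRS1` layouts, the `prvs=` BATV tag format, and "+"-delimited VERP; the function name and the sample addresses are hypothetical.

```python
import re

# Display-only clean-up: the SRS hash and BATV tag are stripped, not verified
# (verification needs the signer's secret), so the result is unauthenticated.
SRS0 = re.compile(r"^SRS0[=+-][^=]+=[^=]+=([^=]+)=(.+)$", re.I)
SRS1 = re.compile(r"^SRS1[=+-][^=]+=[^=]+=[=+-][^=]+=[^=]+=([^=]+)=(.+)$", re.I)
BATV = re.compile(r"^prvs=[0-9]{4}[0-9a-f]{6}=(.+)$", re.I)


def normalize_by_address(addr: str) -> str:
    """Hypothetical helper: reduce an envelope sender to a short display form."""
    local, _, domain = addr.strip().strip("<>").rpartition("@")
    if not local:                      # null sender "<>" or no "@": leave as is
        return addr
    for _ in range(4):                 # bounded: forwarders can nest SRS
        m = SRS1.match(local) or SRS0.match(local)
        if not m:
            break
        domain, local = m.group(1), m.group(2)   # original domain, localpart
    m = BATV.match(local)              # prvs=<key digit, day, hash>=<localpart>
    if m:
        local = m.group(1)
    local = local.split("+", 1)[0] or local      # drops "+tag" and "+"-style VERP
    return f"{local}@{domain.lower()}"


# Constructed sample addresses (not taken from real mail).
SAMPLES = [
    "SRS0=HHH=TT=bigretailer.com=marketing@forwarder.example",
    "SRS1=XXX=hop1.example==HHH=TT=bigretailer.com=news+tag@hop2.example",
    "prvs=0123abcdef=marketing@bigretailer.com",
    "bounces+alice=example.org@mailer.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {normalize_by_address(sample)}")
```

SRS is unwrapped first because a forwarder wraps whatever localpart it received, including one that already carries a BATV tag or a "+" suffix.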

