[MlMt] Skull 💀 emoji in the From header

mlmt at rhp.tw mlmt at rhp.tw
Sat Jan 30 20:32:32 EST 2021

Thank you everyone for the answers. Now that I know the reason, I think 
it is a great feature.

On Sat Jan 30, 2021 at 05:10 PM, Bill Cole wrote:

> On 30 Jan 2021, at 16:38, mlmt at rhp.tw wrote:
>> Sometimes I will receive an email that have the skull emoji (💀) in 
>> the **From** header.  At first I thought this might be due to some 
>> autocorrect/auto-substitution that is enabled on my computer  (like 
>> turning a smiley emoticon to an emoji), but that does not seem to be 
>> the case. I also looked at the raw message of the emails  and  didn't 
>> see anything unusual. Both these messages were downloaded from Gmail 
>> and when I look there the skull isn't present. How is this happening?
> As others have noted, this is an intentional *feature* of MailMate, 
> indicating a '@' in a part of the From header commonly called the 
> "display name" because many mail clients show only that part to users, 
> hiding the actual email address.
> The reason to do this is that scammers have figured out that putting a 
> trusted email address in the display name part of the From header is a 
> great way to spoof identities without tripping up any of the common 
> server-side strategies for identifying such fraud. This has lead to an 
> epidemic of what is generally labeled "Business Email Compromise" in 
> which the scammer poses as an executive requesting urgent assistance 
> from a subordinate. Scammers have stolen billions of dollars this way.
> MailMate's approach to this is (as you noted) entirely in the 
> presentation layer. The mail on the server (and in the client-side  
> cache) retains its original data unchanged, so that tools like DKIM 
> which authenticate messages including key headers are not broken by 
> MailMate's presentation. Most other approaches to mitigate BEC are 
> done by modifying one or both of the Subject or From headers, 
> typically breaking any DKIM signature on the message as it is 
> delivered and potentially confusing clients that group messages by 
> those headers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210131/a30d3b6e/attachment.htm>

More information about the mailmate mailing list