Provided by: spamassassin_3.4.4-1ubuntu1_all bug


       FromNameSpoof - perform various tests to detect spoof attempts using the From header name


       loadplugin    Mail::SpamAssassin::Plugin::FromNameSpoof

        # Does the From:name look like it contains an email address
        header   __PLUGIN_FROMNAME_EMAIL  eval:check_fromname_contains_email()

        # Is the From:name different to the From:addr header
        header   __PLUGIN_FROMNAME_DIFFERENT  eval:check_fromname_different()

        # From:name and From:addr owners differ
        header   __PLUGIN_FROMNAME_OWNERS_DIFFER  eval:check_fromname_owners_differ()

        # From:name domain differs to from header
        header   __PLUGIN_FROMNAME_DOMAIN_DIFFER  eval:check_fromname_domain_differ()

        # From:name and From:address don't match and owners differ
        header   __PLUGIN_FROMNAME_SPOOF  eval:check_fromname_spoof()

        # From:name address matches To:address
        header __PLUGIN_FROMNAME_EQUALS_TO  eval:check_fromname_equals_to()


       Perform various tests against From:name header to detect spoofing. Steps in place to
       ensure minimal FPs.


       The plugin allows you to skip emails that have been DKIM signed by specific senders:


       FromNameSpoof allows for a configurable closeness when matching the From:addr and
       From:name, the closeness can be adjusted with:

        fns_extrachars 50

       Note that FromNameSpoof detects the "owner" of a domain by the following search:


       By default FromNameSpoof will ignore the TLD when testing if From:addr is spoofed.
       Default 1

         fns_check 1

       Check levels:

        0 - Strict checking of From:name != From:addr
        1 - Allow for different tlds
        2 - Allow for different aliases but same domain


       The following tags are added to the set if a spoof is detected. They are available for use
       in reports, header fields, other plugins, etc.:

           Detected spoof address from From:name header

           Detected spoof domain from From:name header

           Detected spoof owner from From:name header

           Actual From:addr address

           Actual From:addr domain

           Actual From:addr detected owner


       header   __PLUGIN_FROMNAME_SPOOF eval:check_fromname_spoof() header
       __PLUGIN_FROMNAME_EQUALS_TO eval:check_fromname_equals_to()

       __PLUGIN_FROMNAME_EQUALS_TO) describe FROMNAME_SPOOF_EQUALS_TO From:name is spoof to look
       like To: address score    FROMNAME_SPOOF_EQUALS_TO 1.2

perl v5.30.0                                2020-02Mail::SpamAssassin::Plugin::FromNameSpoof(3pm)