Thank you for visiting the Rackspace Community
The The Community is live! Post new content or topics so our teams can assist.

Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.

Display Name Spoofing

Can you let me know what Rackspace is doing to combat Display Name Spoofing? 

I've got SPF, DKIM and DMARC records in place, but they do not combat Display Name Spoofing which is really affecting my users.   Is anything on your roadmap that would address this nasty issue?

  • Hello,

    We apologize that you've had this issue consistently. To help give more context, the spoofing seen is called a Display Name Attack/Spoof. These kinds of spoofs are different than what normally occurs with spoofing and is checked by DMARC.

    Generally DMARC is a great defense for spoofing, but in this case the message "shows" the spoofing in only the Display Name. If you hovered over the name in a client such as Outlook or reviewed the message headers, you should see the actual sender.

    DMARC and SPF check against this "envelope-from" or "smtp.mailfrom" since this is what is provided at the time of the initial SMTP transaction.

    While this is difficult and challenging to combat, at this point it is best to help provide user's awareness of these phishing attacks and also look towards other alternative solutions. Our alternative solutions are to utilize a 3rd party spam filter, use a transport rule with our Hosted Exchange system, or migrate to Office 365 to utilize/manage your own Transport Rules and take advantage of features like Advanced Threat Protection.

    If you decide to go with the Transport Rule with our Hosted Exchange, please be aware this will require our Exchange Enterprise plan which is an additional $3 per user per month fee and will only function for Exchange users within your organization.

    Please note that these solutions will only assist in alleviating inbound messages to your users. Display-name spoofing to external recipients will continue to be an issue as DMARC does not cover that edge-case and we have no control over external systems.

    I hope this helps explain further the type of spoofing that is occurring and gives more insight as to the possible solutions at this time. If you have any further questions, please let us know and for faster support contact us by chat or by phone and reference this ticket. Thank you and have a wonderful day!

Reply Children