Can you let me know what Rackspace is doing to combat Display Name Spoofing?
I've got SPF, DKIM and DMARC records in place, but they do not combat Display Name Spoofing, which is really affecting my users. Is there anything on your roadmap that would address this nasty issue?
We apologize that you've had this issue consistently. To help give more context, the spoofing seen is called a Display Name Attack/Spoof. These kinds of spoofs are different than what normally occurs with spoofing and is checked by DMARC.
Generally DMARC is a great defense for spoofing, but in this case the message "shows" the spoofing in only the Display Name. If you hovered over the name in a client such as Outlook or reviewed the message headers, you should see the actual sender.
DMARC and SPF check against this "envelope-from" or "smtp.mailfrom" since this is what is provided at the time of the initial SMTP transaction.
While this is difficult and challenging to combat, at this point it is best to help provide user awareness of these phishing attacks and also look towards other alternative solutions. Our alternative solutions are to utilize a 3rd party spam filter, use a transport rule with our Hosted Exchange system, or migrate to Office 365 to utilize/manage your own Transport Rules and take advantage of features like Advanced Threat Protection.
If you decide to go with the Transport Rule with our Hosted Exchange, please be aware this will require our Exchange Enterprise plan which is an additional $3 per user per month fee and will only function for Exchange users within your organization.
Please note that these solutions will only assist in alleviating inbound messages to your users. Display-name spoofing to external recipients will continue to be an issue as DMARC does not cover that edge-case and we have no control over external systems. I hope this helps explain further the type of spoofing that is occurring and gives more insight as to the possible solutions at this time. If you have any further questions, please let us know and for faster support contact us by chat or by phone and reference this ticket. Thank you and have a wonderful day!
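One way an inbound filter can flag the display-name spoof described in the reply above, as an added example that is not code from this thread or from any product named in it. `ORG_DOMAINS`, `PROTECTED_NAMES` and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Assumptions for this sketch: the organisation's domains and the names to protect.
ORG_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jane doe", "john smith"}

# Constructed sample: DMARC passes for the sender's own domain, yet the
# display name shown to the user is that of an internal person.
SPOOF = (
    "Authentication-Results: mx.example.com; dmarc=pass header.from=mail-relay.test\n"
    'From: "Doe, Jane" <billing@mail-relay.test>\n'
    "Subject: Quick favour\n\nAre you at your desk?\n"
)

def normalise(name):
    """Fold case, compatibility forms, commas and spacing in a display name."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.replace(",", " ").split())

def check_from(raw_message):
    """Return (verdict, display_name, address) for the message's From header."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in ORG_DOMAINS:
        return ("internal", display, address)
    name = normalise(display)
    # Compare as sorted words so "Doe, Jane" and "Jane Doe" both match.
    words = sorted(name.split())
    if any(words == sorted(p.split()) for p in PROTECTED_NAMES):
        return ("display-name-spoof", display, address)
    # A display name that itself reads as an internal address is also a spoof.
    if any(name.endswith("@" + d) for d in ORG_DOMAINS):
        return ("display-name-spoof", display, address)
    return ("external", display, address)

if __name__ == "__main__":
    print(check_from(SPOOF))
```

The check runs on the header From display name and address only, which is why it fires on a message whose SPF and DMARC results are a pass for the sending domain.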
O365 ATP doesn't stop Display Name Attack/Spoofing. If I'm going to pay an additional $3/month for Enterprise and my own third party email filter then I'll just bring Exchange back in house.
If anyone is following this thread it seems Cisco's CES (Cloud Email Security) is now claiming to block BEC attacks which include Display Name Spoofing.
I'm not sure how effective it is, but we're going to be doing a 45 day trial to gauge its effectiveness.
Good luck everyone!