
I'm trying to do phishing mitigation in the Outlook desktop app, and I've seen a number of cases where the display name is so long that the email address gets truncated, e.g.

From: Microsoft email account activity notifications <admin@microsoft.completely.bogus.example.com>

might get truncated in the view pane to

From: Microsoft email account activity notifications <admin@microsoft.com

which looks at least superficially legit.

Is there a way to ensure that the full email address is displayed? Yes, I know that users can mouse over the email address to see who the email is from, but I want to eliminate barriers to good email security.

Ideally, I would like to set this in a GPO.

  • How are the mails displayed by your outlook client received? You probably have the option to simply reject (start with audit-only!) mail that Outlook cannot properly render. Anecdotal evidence: This has similar benefit/collateral damage ratio as content scanning for me. – anx Sep 14 '21 at 15:11

1 Answer

I think you could try adding a custom form configuration file in the following guidance to your client so that there will be a column displaying the sender's email address in the message list:

Show sender’s e-mail address as a column in the Message List

My test result in the following screenshot is for your reference:


If the sender's email address is a bit long, you could change the Reading Pane to bottom:


Besides, if you want to block the emails from the phishing sender, you could create an inbox or transport rule:


Ivan_Wang
  • Excuse me, do you really expect users to know absolutely all phishing email addresses ahead of time to block them? – Nikita Kipriyanov Sep 15 '21 at 08:24
  • @NikitaKipriyanov I was just making suggestions for the current scenario and the specific email address mentioned above. – Ivan_Wang Sep 15 '21 at 10:40
  • You do, however, know all variations of the simplest form of this particular type of phishing trick and can express it in regular expressions. Just do not widely apply anti-lookalike rules to *second*-level domains, because a few of those (like com.au) are perfectly legitimate. – anx Sep 15 '21 at 20:57