Display full FROM email address in Outlook

Question

I'm trying to do phishing mitigation in the Outlook desktop app, and I've seen a number of cases where the display name is so long that the email address gets truncated, e.g.

From: Microsoft email account activity notifications admin@microsoft.completely.bogus.example.com

might get truncated in the view pane to

From: Microsoft email account activity notifications <admin@microsoft.com

which looks at least superficially legit.

Is there a way to ensure that the full email address is displayed? Yes, I know that users can mouse over the email address to see who the email is from, but I want to eliminate barriers to good email security.

Ideally, I would like to set this in a GPO.

How are the mails displayed by your outlook client received? You probably have the option to simply reject (start with audit-only!) mail that Outlook cannot properly render. Anecdotal evidence: This has similar benefit/collateral damage ratio as content scanning for me. — anx, Sep 14 '21 at 15:11

score 1 · Answer 1 · answered Sep 15 '21 at 07:03

1

I think you could try adding a custom form configuration file in the following guidance to your client so that there will be a column displaying the sender's email address in the message list:

Show sender’s e-mail address as a column in the Message List

My test result in the following screenshot is for your reference:

If the sender's email address is a bit long, you could change the Reading Pane to bottom:

Besides, if you want to block the emails from the phishing sender, you could create an inbox or transport rule:

answered Sep 15 '21 at 07:03

Ivan_Wang

1,323
1
3
4

2

Excuse me, do you really expect users to know absolutely all phishing email addresses ahead of time to block them? – Nikita Kipriyanov Sep 15 '21 at 08:24
@NikitaKipriyanov I was just making suggestions for the current scenario and the specific email address mentioned above. – Ivan_Wang Sep 15 '21 at 10:40
1

You do, however, know all variations of the simplest form of this particular type of phishing trick and can express it in regular expressions. Just do not widely apply anti-lookalike rules to *second*-level domains, because a few of those (like com.au) are perfectly legitimate. – anx Sep 15 '21 at 20:57

Display full FROM email address in Outlook

1 Answers1