Display Name Attack

Top Deliverability > Display Name Attack

Display Name Attack

April 21, 2021
Posted by: Nicola Selenu

No Comments

« Back to Glossary Index

Traditionally there is no provision to make sure the Display Name and Address Field portions of the From Header refer to the same entity. Bad actors have exploited this by using one address in the Address Field, which the user won’t see, and including a completely different address in the Display Name. Because they can use a domain they control in the Address Field, these messages may even pass simple email authentication checks against that domain, while the recipient’s email client shows a different domain entirely. This is sometimes referred to as a “Display Name Attack.”

Related Articles:

Glossary: Display Name Attack

« Back to Glossary Index

Related Terms:

Author:Nicola Selenu

<img alt='' src='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm' srcset='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm 2x' class='avatar avatar-174 photo' height='174' width='174' decoding='async'/>

Nicola Selenu is a recognized leader in the Email Industry (with 15 years of professional experience as an Email Marketing and Deliverability Consultant) and an active member of the Anti-Abuse community. Some (of the many) brands that proudly served during his career in Email are: Adobe, Nestlé, Expedia, Gucci, Bulgari, Luxottica, UNHCR, Amnesty International, LastMinute, Acer, Groupon.

Display Name Attack

Top Deliverability > Display Name Attack

Display Name Attack

April 21, 2021
Posted by: Nicola Selenu

No Comments

« Back to Glossary Index

Traditionally there is no provision to make sure the Display Name and Address Field portions of the From Header refer to the same entity. Bad actors have exploited this by using one address in the Address Field, which the user won’t see, and including a completely different address in the Display Name. Because they can use a domain they control in the Address Field, these messages may even pass simple email authentication checks against that domain, while the recipient’s email client shows a different domain entirely. This is sometimes referred to as a “Display Name Attack.”

« Back to Glossary Index

Related Terms:

Author:Nicola Selenu

<img alt='' src='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm' srcset='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm 2x' class='avatar avatar-174 photo' height='174' width='174' decoding='async'/>

Nicola Selenu is a recognized leader in the Email Industry (with 15 years of professional experience as an Email Marketing and Deliverability Consultant) and an active member of the Anti-Abuse community. Some (of the many) brands that proudly served during his career in Email are: Adobe, Nestlé, Expedia, Gucci, Bulgari, Luxottica, UNHCR, Amnesty International, LastMinute, Acer, Groupon.

This website uses cookies and asks your personal data to enhance your browsing experience.

Ok, I agree Privacy Policy