Additional Inbox column for Spam/Malware detection

On IBM Notes 9.0.1FP8 or higher


Now-days we facing very trick malware attacks, starting by a simple mail. You may get afraid of a message from the general manger, from the financial office or from the police department. As you may can’t thinking very clearly, you wouldn’t approve the text neither the actual sender.



Simple change:


Add an additional column "Sender" in the email view: INBOX - this column will show the email address of the sender.


And the email details will be automatically shown in the mails' preview and open emails per default. (Notes Mail Policy)






Technical implementation:


1. Watching in to the mail template and deciding where I would like to put the column with the senders e-mail address. -> I decided to add it after the "Who" column


If the E-mails coming from inside, I will show the internal name of the sender (First name Last name/OU/O)



2. The @ Formula:

There are 2 different columns for the "Who" attribute. With a hide/when formula on it
Who (the first column):
TemplateLang := "en";
@If(@ClientType = "Notes"; @LocationGetInfo([NamePreference]) = "1"; @False)

Who: (the second column)
TemplateLang := "en";
@If(@ClientType = "Notes"; @LocationGetInfo([NamePreference]) != "1"; @True)
REM: "Display primary names" and "Display alternate names" from the location ->


An alternate name is helpful when you want to use your native language and a character set to type,
display, and look up names. Especially with character sets like Kyrill or Japanese



3. From my point of view:
I don't think I will us this hidden column in a German / English environment.
By the way, the @LocationGetInfo function is undocumented and is not supported for use.

4.  Adding a new column in to the folder Inbox. (without hide/when formula or anything special) The column formula will show the senders address, from the "From" field.


5.  Optional: Adding a new icon column in to the folder Inbox. Just right behind the column "Sender": Showing an alert Icon, if the "From" field isn’t equal to the "SMTP Originator" or "Replay-to" field. It’s the footprint of every spoofing/malware or spam mail, but you will have also an alert on nearly all newsletters and notification mails.



The user will never answer to the SMTP-originator if the e-mail comes with an envelope.
The address Inside Replay-To field, is not important at this moment.
That means, I show the field content of the "From" field.


-> Optional: To give an indication of a susceptive SMTP behavior, I show an alert icon.

- The user will realize that nearly all newsletter and system notifications will have an alert icon.

- If an alert is on a common mail form a obviously common sender, the user should be aware that something is going on.

- System notifications with different SMTP-originator and Replay-to addresses are in the most of the cases poor configured systems.

- And by the way, you would like to cancel the most of those newsletters if you are honest anyway...











Write a comment

Comments: 0