Hello team!, we detected that the user can modify the FROM address adding confusing text. So the recipient can read this added text + the original address.
Please see the following video showing the issue: https://youtu.be/V8VXaOFxoT0
Note: we've just confirm that this happens with any GW version, including the latest versions of GW2014.x and GW2018.x using gwclient and webmail.
Best regards.,
by: Walter L. | over a year ago | Administration
Comments
This is a nice feature and we use it often for different email sender-domains.
GroupWise tells you the original sender in the sender field what is necessary.
You can do this with the most eMail clients out there. The name is only an informational, human-readable field while the address have to be the original sender email address.
I agree with EDV S. - this feature is fine as is. The name on an email message from any system, never mind GroupWise, has never been "secure". It's one of the first things we train users to look carefully at when it comes to Phishing Training. As far as GroupWise specifically, we have many users that need this feature for legitimate business purposes. Off the top of my head: For example, temporary workers in an accounting department might have a single, rarely used account called "accounts-payables@company.com" and when it's used from GroupWise for a new message sending an invoice they might want to add their real name. That worker could be gone tomorrow after the project is completed, but if there's a problem with the invoice the real name is there for tracking purposes.