mail icon indicating copy to clipboard operation
mail copied to clipboard
verified publisher icon nextcloud

Emails being sent to NC contacts has recipient's email address duplicated in display-name

Open mjog opened this issue 1 year ago • 2 comments

Steps to reproduce

  1. Send an email to a NC contact selected via autocomplete, e.g. Test Contact that has email address [email protected]
  2. View the source of the email that was sent
  3. Observe the To header value

Expected behavior

The To header has value "Test Contact" <[email protected]> and hence does to trigger Display Name spoofing attack mitigations.

Actual behavior

The To header has value "Test Contact ([email protected])" <[email protected]>, which triggers Display Name spoofing attack mitigations.

Mail app version

4.1.1

Nextcloud version

30.0.4

Mailserver or service

Postfix + Dovecot

Operating system

Linux

PHP engine version

PHP 8.2

Nextcloud memory caching

N/A

Web server

Apache (supported)

Database

MariaDB

Additional info

No response

mjog avatar Dec 24 '24 23:12 mjog

Oh, just to be clear, I'm not sure if NC Mail itself implements any Display Name spoofing attack mitigations (if not, it should), but the mitigations I am talking about being triggered by t his behaviour are in other MTAs/MUAs.

mjog avatar Dec 24 '24 23:12 mjog

Thanks for reaching out 👍

Do you still see that problem?

kesselb avatar Dec 09 '25 16:12 kesselb

Can't seem to reproduce it with v5.6.5, no.

mjog avatar Dec 17 '25 04:12 mjog