From name display in Outlook - dangerous shortening
Outlook and Outlook web display the sender name.
Analyzing a successful spoofing attack, I recognized that Outlook does not always display the full sender address.
Outlook displayed: "Display Name <email@example.com>"
Outlook did not display firstname.lastname@example.org, but this was the real sender. The method above is a nice trick to bypass SPF checking, and if email@example.com is an internal address this may also be a good method to spoof. The From field is not RFC-conformant, but obviously Exchange (Online and on-premises) accepts this mail.
Outlook, however, did not expect a second email address at this point, and displays only the first part - in my case, the spoofed part.
I have not tested whether this behavior also works for IMAP connections, but with Exchange it leads to an almost perfect-looking spoofed email. The display of <email> is the only hint that this mail was spoofed.
I have also seen this technique in spam and phishing emails. If Outlook displayed the full received sender, this would help the user identify such dangerous mails.
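A defender-side check for the header shape described in this post, as an added example that is not part of the original post and not Microsoft code: it flags a From value whose display part carries an address different from the actual sender, including when that part is hidden in an RFC 2047 encoded-word. The sample headers are constructed, and treating the last address in the header as the real sender is an assumption taken from the case above; `check_from` and `is_suspicious` are hypothetical names.

```python
import re
from email.errors import HeaderParseError
from email.header import Header, decode_header, make_header

# Loose matcher for address-like text; deliberately not a full RFC 5322 parser,
# because the headers of interest here are the non-conforming ones.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def decode_from(raw):
    """Decode RFC 2047 encoded-words so an address hidden in one becomes visible."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, UnicodeDecodeError, LookupError):
        return raw  # undecodable: fall back to scanning the raw value

def check_from(raw):
    """Return (actual_sender, decoy_addresses) for one From header value.

    Assumption: the last address in the header is the mailbox the mail was
    really sent from, as in the case described in the post.
    """
    found = [a.lower() for a in ADDR_RE.findall(decode_from(raw))]
    if not found:
        return None, []
    actual = found[-1]
    decoys = sorted({a for a in found[:-1] if a != actual})
    return actual, decoys

def is_suspicious(raw):
    """True when the header shows an address that is not the actual sender."""
    return bool(check_from(raw)[1])

# Constructed sample headers, using the placeholder addresses from the post.
SAMPLES = [
    '"Display Name <email@example.com>" <firstname.lastname@example.org>',
    'Display Name <email@example.com> <firstname.lastname@example.org>',
    Header("Display Name <email@example.com>", "utf-8").encode()
    + " <firstname.lastname@example.org>",
    '"Display Name" <email@example.com>',
    '"email@example.com" <email@example.com>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        actual, decoys = check_from(sample)
        flag = "FLAG" if decoys else "ok  "
        print(f"{flag} actual={actual} decoys={decoys}  {sample}")
```

A rule like this fits a mail gateway or a mailbox audit script, where a hit can trigger a warning banner or quarantine instead of relying on what the client chooses to display.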