InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.
https://inquest.readthedocs.io/projects/iocextract/
GNU General Public License v2.0

Email Obfuscation Edit #22

Closed HitokageTaka closed 5 years ago

HitokageTaka commented 6 years ago

Identify and 'refang' emails formatted as follows: identifier[@]domain[.com]

rshipp commented 6 years ago

Thanks for the issue! This should be doable.

If you don't mind me asking, where are you seeing emails in this format?

HitokageTaka commented 6 years ago

Thank you for the quick reply! In an information sharing group my organization is a part of. I could probably provide you with 100 different “defanging” techniques these analysts try.

Another for your consideration could be another common defang technique of “google DOT com”. They will literally type “dot” or “at” rather than a [.] or [@].

Again thanks for the prompt reply!
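The defang styles described in this comment (`identifier[@]domain[.com]`, `google DOT com`, a spelled-out `at`), handled by a small standalone extractor written as an added example for this thread; it is not iocextract's own code, and the sample text and function names are constructed for illustration. It also accepts the parenthesised `(at)` / `(dot)` variants.

```python
import re

# Separator spellings from the thread: [@], (at), " AT ", [.], [dot], " DOT ".
# \s* around bracketed tokens tolerates "carol (at) mail"; the bare-word forms
# require surrounding whitespace so "at"/"dot" inside a label are left alone.
AT_SEP = r'(?:@|\s*(?:\[@\]|\(@\)|\[at\]|\(at\))\s*|\s+at\s+)'
DOT_SEP = r'(?:\.|\s*(?:\[\.\]|\(\.\)|\[dot\]|\(dot\))\s*|\s+dot\s+)'
LABEL = r'[A-Za-z0-9-]+'
# "domain[.com]" puts the dot and the TLD inside one bracket pair, so the
# domain grammar accepts either a separator plus a label or a bracketed ".label".
DOMAIN = rf'{LABEL}(?:{DOT_SEP}{LABEL}|\[\.{LABEL}\])+'
LOCAL = r'[A-Za-z0-9._%+-]+'
EMAIL_RE = re.compile(rf'{LOCAL}{AT_SEP}{DOMAIN}', re.IGNORECASE)
BRACKETED_TLD_RE = re.compile(rf'\[\.({LABEL})\]')


def refang_email(defanged: str) -> str:
    """Turn a defanged address back into plain user@host form."""
    fanged = re.sub(AT_SEP, '@', defanged, flags=re.IGNORECASE)
    fanged = BRACKETED_TLD_RE.sub(r'.\1', fanged)  # domain[.com] -> domain.com
    return re.sub(DOT_SEP, '.', fanged, flags=re.IGNORECASE)


def extract_emails(text: str, refang: bool = True) -> list:
    """Return every email address found in text, refanged unless refang=False."""
    found = [m.group(0) for m in EMAIL_RE.finditer(text)]
    return [refang_email(e) for e in found] if refang else found


# Constructed sample report mixing the defang styles described in the thread.
SAMPLE = (
    "Phish sender: alice[@]evil-domain[.com] and bob AT example DOT org\n"
    "also carol (at) mail[.]example[.]net, normal dave@corp.example"
)

if __name__ == "__main__":
    for email in extract_emails(SAMPLE):
        print(email)
```

The bare-word `at` / `dot` forms are the ones most likely to produce false positives on ordinary prose, so matches from those alternatives deserve a second look before they are fed into a blocklist.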

rshipp commented 6 years ago

Interesting, thanks. If you have more defangs we're not catching, definitely feel free to share them.

I'll try to up the robustness of our email support in general. It's a bit weaker than our URL support just because I don't often see emails shared, and didn't realize it was something people needed.

rshipp commented 5 years ago

Just published v1.10.0 to PyPI, that should catch everything you mentioned and more.

Let me know if there are any that still don't get picked up, or any false positives/other issues!