Filter mail from a specific Country of Origin
| Situation | You are receiving spam and/or phishing emails from a country that your company does not normally have dealings with. |
|---|---|
| Solution | Create an Inbound Filter to quarantine emails from specific country of origin. |
Create inbound filter to quarantine based on country of origin
The Client GeoIP Lookup field in the detail for a specific message tells you its Country of Origin.
- Navigate to Security Settings > Email > Filter Policies.
- Create a new Filter with Direction Inbound. Name it something appropriate e.g. Geo IP Block.
- Set the scope to Company Level and configure the filter logic as follows:
IF Client IP Country IS [Country of Origin e.g. Algeria] DO Quarantine AND Require Admin Privileges to Release **Optional Step** AND Stop Processing Additional Filters **Option Step**
- Click Save.
Once created, you can edit the filter or check its usage stats.
Adjusting the Filter Logic
By slightly modifying this logic, it is possible to create a filter to lock down accepted traffic from a specified country of origin.
IF Client IP Country IS NOT [List of Countries] DO Quarantine
WHOIS information
At times there will be discrepancies in data. Please note that a WHOIS contact is not the same as the Geo-location of an IP. You will need to use Geo location services to find the real location of an IP at times.
There are plenty of sites, not just WHOIS regstries, that can perform geo-location look-ups. Many providers have global datacenters, but the WHOIS information typically shows their main office location located in a different country.