| Situation | You are receiving spam and/or phishing emails from a country that your company does not normally have dealings with. |
| Solution | Create an Inbound Filter to quarantine emails from a specific country of origin. |
Create inbound filter to quarantine based on country of origin
The Client GeoIP Lookup field in the detail for a specific message tells you its Country of Origin.
- Navigate to Security Settings > Email > Filter Policies.
- Create a new Filter with Direction Inbound and give it an appropriate name, e.g. Geo IP Block.
- Set the scope to Company Level and configure the filter logic as follows:
IF Client IP Country IS [Country of Origin e.g. Algeria] DO Quarantine AND Require Admin Privileges to Release **Optional Step**
- Click Save.
Once created, you can edit the filter or check its usage stats.
Adjusting the Filter Logic
By slightly modifying this logic, you can create a filter that locks down accepted traffic to a specified list of countries of origin and quarantines mail from everywhere else.
IF Client IP Country IS NOT [List of Countries] DO Quarantine
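
The following is an added example, not part of the product or of the original article: a dry run of both filter logics over a constructed message log, showing how much more mail the IS NOT variant holds than the single-country rule. The record fields, function names, the reading of "Optional Step" as the admin-release action, and the treatment of a message with no GeoIP result are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample rows standing in for an export of recent inbound mail.
# "country" models the Client GeoIP Lookup value; None = lookup returned nothing.
SAMPLE_LOG = [
    {"id": "m1", "sender": "billing@supplier.example", "country": "United Kingdom"},
    {"id": "m2", "sender": "promo@bulk.example", "country": "Algeria"},
    {"id": "m3", "sender": "hr@partner.example", "country": "Germany"},
    {"id": "m4", "sender": "alerts@saas.example", "country": "United States"},
    {"id": "m5", "sender": "relay@unknown.example", "country": None},
    {"id": "m6", "sender": "invoice@bulk.example", "country": "Algeria"},
]


def block_rule(msg, countries, admin_release=True):
    """IF Client IP Country IS [country] DO Quarantine AND Require Admin Privileges to Release."""
    # Assumption: the page's "Optional Step" refers to the admin-release action.
    if msg["country"] in countries:
        return "quarantine+admin-release" if admin_release else "quarantine"
    return "deliver"


def allow_rule(msg, countries):
    """IF Client IP Country IS NOT [List of Countries] DO Quarantine."""
    # Assumption: a message with no GeoIP result counts as "not in the list".
    return "deliver" if msg["country"] in countries else "quarantine"


def dry_run(log, rule, *args, **kwargs):
    """Return (action counts, ids that would be quarantined) without acting."""
    actions = {m["id"]: rule(m, *args, **kwargs) for m in log}
    held = [i for i, a in actions.items() if a != "deliver"]
    return Counter(actions.values()), held


if __name__ == "__main__":
    print(dry_run(SAMPLE_LOG, block_rule, {"Algeria"}))
    print(dry_run(SAMPLE_LOG, allow_rule, {"United Kingdom", "Germany"}))
```

Running the same comparison over a real export of recent inbound mail shows which legitimate senders the IS NOT variant would quarantine before the filter is saved.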