Skip to main content
Contact Us
My preferencesSign out
Proofpoint, Inc.

Quarantining suspected spoof and allowing safe messages

  1. Last updated
  2. Save as PDF
Situation
  • You want to ensure your email headers, sender field, or other fields are authenticate and not spoofed to prevent data breaches and minimize potential security risks by using the Spoofed Email Detection setting.
  • You want to prevent known safe messages from being quarantined and tripping your Spoofed Email Detection setting.
Solution

Follow the below steps to:

  • Enable Inbound domain spoofing protection for your company or individual users.
  • Use the Safe Sender List to bypass the Spoofed Email Detection setting.
  • Use a custom filter to bypass the setting.

 

Suspected spoofed emails are identified as inbound messages from the internet where the from domain is one of the company’s internal domains.

These messages can be quarantined for further review and released if appropriate. Organizations can also create exceptions in order to allow delivery of emails from approved senders, such as an externally delivered marketing communication.

To enable the Spoofed email detection setting for an organization

  1. Navigate to Security Settings > Email > Spam Settings.
  2. Enable Inbound domain spoofing protection.
    inbound domain spoofing.png 

    If you would like this change to also be set on the existing users please check the box Update spam detection settings above for all existing user accounts, located next to the Save option.

  3. Click Save.

To enable the Spoofed email detection setting for an individual user

  1. Navigate to Administration > User Management > Users.
  2. Click the name of the user that you wish to edit.
  3. Click Spam.
  4. Enable Inbound domain spoofing protection.
    inbound domain spoofing.png
  5. Click Save.

You may want to create exceptions in order to by-pass the spoofed email detection setting. To do so you can add an entry to an organization safe sender list or create a custom filter. Sender lists support IP addresses. If you wish to identify emails using an alternate method, such as subject line or body content, you should create a custom filter.

Bypass the Spoofed email detection setting using the safe sender list

  1. Navigate to Security Settings > Email > Sender Lists.
  2. In the Safe Sender List section, type in the IP address you wish to allow.

    IP addresses may contain wildcards (for example, 10.20.*.20, 10.*.*.*, 10.*.0.*) and CIDR notation (for example, 10.0.62.0/24).

  3. Click Save.

Bypass the Spoofed email detection setting using a custom filter

  1. Navigate to Security Settings > Email > Filter Policies.
  2. Click New Filter.
  3. Enter a name for the filter, such as By-pass Imposter Email detection.
  4. Click Continue.
  5. Select the desired option from the If dropdown, such as Email Subject or Email Message Content.
  6. Choose the desired operator from the Choose dropdown.
  7. Enter the terms you wish to use in order to bypass the imposter email detection setting into the text field.

    For example, if you want to target a newsletters sent by an external marketing service, you can use Email Subject IS Bob’s Books Supplies Newsletter.

  8. From the Do dropdown, select Allow.
  9. Click Save.

For Outbound emails

  1. Get the IP addresses of the External Service that is using your domain (ticket system, webforms,etc).
  2. Navigate to Administration > Account Management > Domains > Sending Servers
  3. Add those IP address as "New Sending Server"
  4. Click Save