Quarantining suspected spoof and allowing safe messages
Situation |
|
---|---|
Solution |
Follow the below steps to:
|
Suspected spoofed emails are identified as inbound messages from the internet where the from domain is one of the company’s internal domains.
These messages can be quarantined for further review and released if appropriate. Organizations can also create exceptions in order to allow delivery of emails from approved senders, such as an externally delivered marketing communication.
To enable the Spoofed email detection setting for an organization
- Navigate to Security Settings > Email > Spam Settings.
- Enable Inbound domain spoofing protection.
If you would like this change to also be set on the existing users please check the box Update spam detection settings above for all existing user accounts, located next to the Save option.
- Click Save.
To enable the Spoofed email detection setting for an individual user
- Navigate to Administration > User Management > Users.
- Click the name of the user that you wish to edit.
- Click Spam.
- Enable Inbound domain spoofing protection.
- Click Save.
You may want to create exceptions in order to by-pass the spoofed email detection setting. To do so you can add an entry to an organization safe sender list or create a custom filter. Sender lists support IP addresses. If you wish to identify emails using an alternate method, such as subject line or body content, you should create a custom filter.
Bypass the Spoofed email detection setting using the safe sender list
- Navigate to Security Settings > Email > Sender Lists.
- In the Safe Sender List section, type in the IP address you wish to allow.
IP addresses may contain wildcards (for example, 10.20.*.20, 10.*.*.*, 10.*.0.*) and CIDR notation (for example, 10.0.62.0/24).
- Click Save.
Bypass the Spoofed email detection setting using a custom filter
- Navigate to Security Settings > Email > Filter Policies.
- Click New Filter.
- Enter a name for the filter, such as By-pass Imposter Email detection.
- Click Continue.
- Select the desired option from the If dropdown, such as Email Subject or Email Message Content.
- Choose the desired operator from the Choose dropdown.
- Enter the terms you wish to use in order to bypass the imposter email detection setting into the text field.
For example, if you want to target a newsletters sent by an external marketing service, you can use Email Subject IS Bob’s Books Supplies Newsletter.
- From the Do dropdown, select Allow.
- Click Save.
For Outbound emails
- Get the IP addresses of the External Service that is using your domain (ticket system, webforms,etc).
- Navigate to Administration > Account Management > Domains > Sending Servers
- Add those IP address as "New Sending Server"
- Click Save