What's the easiest way to block messages that appear to be sent from our domain but originate outside of our network? Can I just add our domain to the Block List?
This thread was automatically locked due to age.
I opened a ticket on this very thing today. I got this as the response:
What To Do
The Sophos Email Appliance will scan these e-mails for spam, according to your policy. No special actions are necessary. However, some administrators may wish to block these 'spoofed' e-mails by default. Follow the instructions below:
Remove from Allow List
Make sure your own domain has not been incorrectly whitelisted as a sender address. If necessary remove the domain from: Configuration | Policy | Allow/Block Lists | Allowed Hosts/Senders
Add to Block List
These steps will block the E-Mail when your domain name has been used in either:
Add the domain to: Configuration | Policy | Allow/Block Lists | Block Lists | Blocked Hosts/Senders | Senders
For example, add: @mydomain.tld
Note, that global block lists only apply to mail from external hosts. Outgoing mail will not be affected.
Other considerations
Before using this configuration in production, consider whether any legitimate senders need to spoof your domain name. For example, an external web hosting solution may send you e-mails from postmaster@mydomain.tld. These hosts must be exempt from the Anti-Spoofing rules using the Allowed Hosts option (Allowed Hosts/Senders take precedence over Blocked Hosts/Senders).
You should also ensure your list of internal hosts is correctly configured, so outbound ail is not affected. Enter the IP of any devices that are allowed to send outgoing e-mail in: Configuration | Routing | Internal Hosts
I've now added the blacklist for senders and we'll see how it goes.
I opened a ticket on this very thing today. I got this as the response:
What To Do
The Sophos Email Appliance will scan these e-mails for spam, according to your policy. No special actions are necessary. However, some administrators may wish to block these 'spoofed' e-mails by default. Follow the instructions below:
Remove from Allow List
Make sure your own domain has not been incorrectly whitelisted as a sender address. If necessary remove the domain from: Configuration | Policy | Allow/Block Lists | Allowed Hosts/Senders
Add to Block List
These steps will block the E-Mail when your domain name has been used in either:
Add the domain to: Configuration | Policy | Allow/Block Lists | Block Lists | Blocked Hosts/Senders | Senders
For example, add: @mydomain.tld
Note, that global block lists only apply to mail from external hosts. Outgoing mail will not be affected.
Other considerations
Before using this configuration in production, consider whether any legitimate senders need to spoof your domain name. For example, an external web hosting solution may send you e-mails from postmaster@mydomain.tld. These hosts must be exempt from the Anti-Spoofing rules using the Allowed Hosts option (Allowed Hosts/Senders take precedence over Blocked Hosts/Senders).
You should also ensure your list of internal hosts is correctly configured, so outbound ail is not affected. Enter the IP of any devices that are allowed to send outgoing e-mail in: Configuration | Routing | Internal Hosts
I've now added the blacklist for senders and we'll see how it goes.