

Blocking Email where From and Reply-To are different

Pretty much what the subject says, we've been getting spam and phishing emails making it through the Gateway where the From and Reply-To addresses are different. For example the "From" will be "ReasonableName@CompanyWeTrust.com" and the Reply-To will be "TotalPhish@email.ru". Is there any way to flag, quarantine, or block these types of emails?



Added tags
[edited by: Raphael Alganes at 10:04 AM (GMT -7) on 29 May 2023]
  • It is a difficult one, because there seem to be plenty of legitimate reasons why these can differ.

    “First things first, but not necessarily in that order” – Doctor Who

  • That I completely understand, but for specific groups within our org such as AP/Cash Collections they receive far more phishing and spam using this method than any legitimate email. It's become prevalent enough that Financial Fraud webinars now highlight it as a common threat to watch out for. The ability to simply highlight it via a banner or quarantine them would be helpful.

  • Have you thought about tightening security on incoming emails in general? I.e. SPF/DKIM hard fails and others potentially held for approval or quarantined?

    A quick warning email sent to staff that if it's in quarantine to be extremely suspect of it.
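
The check discussed in this thread, as an added example that is not part of the original posts and is not a Sophos Email feature or configuration: it compares the From and Reply-To domains and reads SPF/DKIM hard fails from `Authentication-Results`. The allowlist, the banner/quarantine policy, the function names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import getaddresses

# Assumption: Reply-To domains the organisation accepts (e.g. a ticketing service).
ALLOWED_REPLY_DOMAINS = {"helpdesk.example"}

def header_domains(msg, name):
    """Lower-cased domains of every address found in the named header."""
    values = [str(v) for v in msg.get_all(name, [])]
    return {addr.rsplit("@", 1)[1].lower().rstrip(".")
            for _, addr in getaddresses(values) if "@" in addr}

def auth_failures(msg):
    """Mechanisms (spf, dkim) reported as 'fail' in Authentication-Results.
    Only meaningful when that header was added by your own gateway."""
    text = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    return {m.lower() for m in re.findall(r"\b(spf|dkim)=fail\b", text, re.I)}

def classify(raw):
    """Return (action, reasons); action is 'quarantine', 'banner' or 'deliver'."""
    msg = message_from_string(raw, policy=default)
    reasons = [f"{m} hard fail" for m in sorted(auth_failures(msg))]
    foreign = (header_domains(msg, "Reply-To") - header_domains(msg, "From")
               - ALLOWED_REPLY_DOMAINS)
    reasons += [f"Reply-To domain {d} differs from From" for d in sorted(foreign)]
    if any("hard fail" in r for r in reasons):
        return "quarantine", reasons
    return ("banner" if foreign else "deliver"), reasons

# Constructed sample messages (not taken from the thread).
def sample(from_, reply_to=None, auth=None):
    lines = [f"From: {from_}", "To: ap@ourcompany.example", "Subject: Invoice"]
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    if auth:
        lines.append(f"Authentication-Results: mx.ourcompany.example; {auth}")
    return "\n".join(lines) + "\n\nPlease see attached.\n"

if __name__ == "__main__":
    for raw in (sample("Pat <pat@vendor.example>", "pat@mailbox.example"),
                sample("Pat <pat@vendor.example>", "pat@vendor.example"),
                sample("pat@vendor.example", auth="spf=fail smtp.mailfrom=vendor.example")):
        print(classify(raw))
```

Exact domain comparison will also flag a Reply-To on a sibling subdomain of the sender; comparing registrable domains needs a public suffix list, which this sketch leaves out.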
