For our company domain (petroleumtraders.com), all our users send emails from inside the firewall. So we know any email that comes from outside the firewall with that as a sending address is fake. So we have a *@petroleumtraders.com address pattern added to the Sender BlackList section of the AntiSpam tab on our email protection.
But today one of our Vice Presidents got a fake email that appeared to be from the owner's address, complete with a @petroleumtraders.com address. Luckily it looked a little suspicious because it was a wire transfer request.
After inspecting the email, I found in the header that the X-Sender was an external address, the From header was a @petroleumtraders.com address, and the Reply-To and Return-Path were also external addresses.
So I guess the Sender blacklist does not block the "envelope-from" address?
How can I block these so internal users can't be tricked?
Dan
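The header mismatch described in the post above, as an added example that is not part of the original post or of any mail product's own code: a Python check that flags a message whose visible From claims the internal domain while Return-Path, Reply-To, X-Sender or Sender point outside it. The sample messages and every address in them are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "petroleumtraders.com"  # company domain named in the post
CHECKED = ("Return-Path", "Reply-To", "X-Sender", "Sender")

def domain_of(addr):
    """Lowercased domain part of an address, or '' when there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_internal(addr, internal=INTERNAL_DOMAIN):
    """True for the internal domain itself or any of its subdomains."""
    dom = domain_of(addr)
    return dom == internal or dom.endswith("." + internal)

def spoof_indicators(raw_message, internal=INTERNAL_DOMAIN):
    """Return (header, address) pairs that contradict an internal header From."""
    msg = message_from_string(raw_message)
    claimed = [a for _, a in getaddresses(msg.get_all("From", []))]
    if not any(is_internal(a, internal) for a in claimed):
        return []  # the visible From does not claim the internal domain
    findings = []
    for header in CHECKED:
        for _, addr in getaddresses(msg.get_all(header, [])):
            # Skip empty values such as the null return path "<>".
            if domain_of(addr) and not is_internal(addr, internal):
                findings.append((header, addr))
    return findings

# Constructed sample: internal-looking From, external return and reply paths.
SPOOFED = (
    "Return-Path: <billing@mailer.example.net>\n"
    "X-Sender: billing@mailer.example.net\n"
    'From: "Owner" <owner@petroleumtraders.com>\n'
    "Reply-To: owner.office@example.org\n"
    "To: vp@petroleumtraders.com\n"
    "Subject: Wire transfer request\n\n"
    "Please process today.\n"
)
# Constructed sample: every sender-related header is internal.
INTERNAL = (
    "Return-Path: <owner@petroleumtraders.com>\n"
    "From: owner@petroleumtraders.com\n"
    "To: vp@petroleumtraders.com\n"
    "Subject: Meeting\n\nSee you at 3.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("internal", INTERNAL)):
        print(name, spoof_indicators(raw))
```

The check reads only message headers, so it is meant for mail that arrived from outside the firewall, where a @petroleumtraders.com From is already unexpected.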