This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Preventing phishing attack?

We've had someone impersonating an employee of our company through spear phishing attacks. It's clear to see that the email is originating from someone else, and I can easily blacklist those addresses, but they just start again with a new address. What I'd like to do is create a global rule that filters out anything from our real employee that does not have our email domain in the address. I'm having trouble putting together something that does this either in the firewall filter or the SMTP anti-spam settings. Any ideas for how to accomplish this?

This thread was automatically locked due to age.

Parents

0 BAlfson over 8 years ago

Paul, I thought he already had an SPF record, and that that wasn't stopping the problem. Maybe he just needs to set it to hard fail instead of soft. It's really not clear, steagle, what mechanism the criminal is using.

Have you tried DKIM? You might try using my KB article: DKIM Setup using Windows OpenSSL. Any luck with that?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 8 years ago

Paul, I thought he already had an SPF record, and that that wasn't stopping the problem. Maybe he just needs to set it to hard fail instead of soft. It's really not clear, steagle, what mechanism the criminal is using.

Have you tried DKIM? You might try using my KB article: DKIM Setup using Windows OpenSSL. Any luck with that?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data