This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Preventing phishing attack?

We've had someone impersonating an employee of our company through spear phishing attacks. It's clear to see that the email is originating from someone else, and I can easily blacklist those addresses, but they just start again with a new address. What I'd like to do is create a global rule that filters out anything from our real employee that does not have our email domain in the address. I'm having trouble putting together something that does this either in the firewall filter or the SMTP anti-spam settings. Any ideas for how to accomplish this?


This thread was automatically locked due to age.
Parents
  • Paul, I thought he already had an SPF record, and that that wasn't stopping the problem.  Maybe he just needs to set it to hard fail instead of soft.  It's really not clear, steagle, what mechanism the criminal is using.

    Have you tried DKIM?  You might try using my KB article: DKIM Setup using Windows OpenSSL.  Any luck with that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Paul, I thought he already had an SPF record, and that that wasn't stopping the problem.  Maybe he just needs to set it to hard fail instead of soft.  It's really not clear, steagle, what mechanism the criminal is using.

    Have you tried DKIM?  You might try using my KB article: DKIM Setup using Windows OpenSSL.  Any luck with that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data