Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 17 replies
  • Subscribers 5 subscribers
  • Views 48348 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Preventing phishing attack?

steagle
We've had someone impersonating an employee of our company through spear phishing attacks. It's clear to see that the email is originating from someone else, and I can easily blacklist those addresses, but they just start again with a new address. What I'd like to do is create a global rule that filters out anything from our real employee that does not have our email domain in the address. I'm having trouble putting together something that does this either in the firewall filter or the SMTP anti-spam settings. Any ideas for how to accomplish this?


This thread was automatically locked due to age.
Parents
  • 0
    Just setup SPF and add the record into your DNS then anything sent claiming to be you that isn't will get rejected.
  • 0 in reply to MentalMickey
    Just setup SPF and add the record into your DNS then anything sent claiming to be you that isn't will get rejected.


    Hey Paul, SPF checking is already enabled in my UTM and I have a SPF record in my public DNS that specifies the allowed IP addresses for our email server. Could you provide an example of how you'd configure the SPF DNS record, so I can compare to mine?
  • 0 in reply to steagle

    In your DNS records, add a TXT with name @ and value

    v=spf1 +a +mx +ip4:0.0.0.0 ~all

    Replace 0.0.0.0 with your external IP

    Do spf check in Mxtoolbox.com

  • 0 in reply to Ol Deda

    Unknown said:

    In your DNS records, add a TXT with name @ and value

    v=spf1 +a +mx +ip4:0.0.0.0 ~all

     

    I would suggest the use of -a not ~a after you tested this. Because ~ (tilde) for SOFTFAIL, a debugging aid between NEUTRAL and FAIL. Typically, messages that return a SOFTFAIL are accepted but tagged. - (minus) for FAIL, the mail should be rejected.

    Best

    Alex

    -

  • 0 in reply to Alexander Busch

    Alexander Busch said:

     I would suggest the use of -a not ~a after you tested this. Because ~ (tilde) for SOFTFAIL, a debugging aid between NEUTRAL and FAIL. Typically, messages that return a SOFTFAIL are accepted but tagged. - (minus) for FAIL, the mail should be rejected.

    Best

    Alex

     

     
     
    Changing that. I didn't know that. Thank You
Reply
  • 0 in reply to Alexander Busch

    Alexander Busch said:

     I would suggest the use of -a not ~a after you tested this. Because ~ (tilde) for SOFTFAIL, a debugging aid between NEUTRAL and FAIL. Typically, messages that return a SOFTFAIL are accepted but tagged. - (minus) for FAIL, the mail should be rejected.

    Best

    Alex

     

     
     
    Changing that. I didn't know that. Thank You
Children
Unfiltered HTML