
Block emails spoofed p2 headers

I am looking to block emails where the FROM in the P2 header is being spoofed using our email addresses. I can kill these off at the Exchange server by removing the ms-exch-smtp-accept-authoritative-domain-sender on the Internet-facing domain connector. Is there a way to kill these via "Email Protection"? If I add our domain in the "Sender Blacklist" does this look at the P2 header or only the P1 like SPF?

P1 header
mail from: someone@someotherdomain.com
rcpt to: user1@mydomain.com
data

P2 header
from: user1@mydomain.com (problem)
to: user2@mydomain.com
Subject: P1 and P2 headers are different
The P1 and P2 headers will be different in this message.

Thanks,
                 Jim


This thread was automatically locked due to age.
  • "Is there a way to kill these via "Email Protection"? If I add our domain in the "Sender Blacklist" does this look at the P2 header or only the P1 like SPF?" This blacklist is matched against the envelope sender of incoming SMTP sessions. Yes, you can stop them by adding your own domain to the Blacklist, something we have done for several domains, but the problem is when you have external senders, sending on behalf of you, SPF record, then you wish to make an exception for those senders that ARE allowed to send on behalf of you, to you, but this is not possible. Answer from Sophos Support: The blacklist will be checked, matched and blocked, before the exception rule is reached/processed.
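
The P1/P2 mismatch from the question, written as a stand-alone check. This is an added example, not part of the thread and not Sophos or Exchange code: the function name, the `trusted_p1_domains` exception list, and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

OWN_DOMAINS = {"mydomain.com"}  # assumption: the protected domain from the post

# Constructed sample: the P2 part of the message shown in the question.
SAMPLE = (
    "From: user1@mydomain.com\n"
    "To: user2@mydomain.com\n"
    "Subject: P1 and P2 headers are different\n"
    "\n"
    "The P1 and P2 headers will be different in this message.\n"
)

def domain_of(addr):
    """Lower-cased domain of an address, or '' when it has none."""
    return addr.rpartition("@")[2].strip().lower() if "@" in addr else ""

def check_p1_p2(envelope_from, raw_message, own_domains=OWN_DOMAINS,
                trusted_p1_domains=frozenset()):
    """Compare the P1 sender (SMTP MAIL FROM) with the P2 From: header.

    trusted_p1_domains is a hypothetical exception list for external
    services allowed to send on behalf of an own domain.
    Returns 'spoofed-p2', 'no-p2-from' or 'ok'.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    # get_all() covers duplicate From: headers, getaddresses() address lists
    # and display names such as "Some Name" <user1@mydomain.com>.
    headers = [str(h) for h in msg.get_all("From", [])]
    p2_domains = {domain_of(a) for _, a in getaddresses(headers)} - {""}
    if not p2_domains:
        return "no-p2-from"
    p1_domain = domain_of(envelope_from)  # '' for the null sender <>
    if p1_domain in own_domains or p1_domain in trusted_p1_domains:
        return "ok"
    # From: claims an own domain, but the envelope sender is foreign.
    return "spoofed-p2" if p2_domains & set(own_domains) else "ok"

if __name__ == "__main__":
    print(check_p1_p2("someone@someotherdomain.com", SAMPLE))
```

A filter that only sees the envelope sender, like the blacklist described in the reply, has no input for the `p2_domains` half of this comparison.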
