Block spoof email of the local domains on Messaging Gateway


Article ID: 178087




Messaging Gateway


Mail is coming into the inbound queue with the envelope sender and recipient in the same local domain.



Steps for creating a compliance rule to block spoofed domains:

  • Create a dictionary for the list of domains in the environment that are being spoofed.

  • Create the Compliance rule.

  • Test the rule.

Create Dictionary

  1. Log in to the Control Center as Admin.
  2. Click on the "Compliance" tab.
  3. On the left side of the screen, under "Resources", click on "Dictionaries".
  4. The list of Dictionaries should be displayed.
  5. Click on the "Add" button.
  6. The "Add Dictionary" page is displayed.
  7. Give the dictionary a name.

    Example: Spoofing Domains
  8. Under the section "Words or Phrases" add the words that will cause the rule to trigger.

  9. Once all of the domains have been entered, click on "Save".

Create Compliance Rule

  1. Under "Policies" click on "Email".
  2. The list of compliance policies will be displayed.
  3. Click on the "Add" button to create the new rule.
  4. The list of templates will be displayed. Leave "Blank" selected and click on "Select" at the bottom of the screen.
  5. The "Configure an Email Content Compliance Policy" page will be displayed.
  6. Give it a Policy Name.

    Example: Spoofing of Domains
  7. Leave "Track violations of this policy in the dashboard and reports" checked.
  8. Under the "Conditions" section, set "Apply to:" to "Inbound messages".
  9. Leave "Any" for the "Which of the following conditions must be met:".
  10. Click on the "Add" button to add a condition.
  11. Select "Text in the specific part of the message header:" and choose "Envelope Sender" from the drop-down list.
  12. Select the following: "contains" "Domain name" from dictionary:, then select the dictionary that you created for the domains list.
  13. Click the "Update Condition" button.
  14. Under the "Actions" section, set up the action you want to be performed when the condition is triggered.
  15. Check the boxes next to the "Groups" the rule should be applied to.
  16. Click on the "Save" button.

Test rule

  1. Use "telnet" or a mail client to create a test message to send into the appliance to test the rule.
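
A sketch of the test step, added here as an example and not part of the original article or the product: it prints the lines to type into a telnet session, or sends the same message with Python's smtplib when given the address of your own gateway. The domain, addresses, HELO name and function names are constructed placeholders.

```python
import smtplib
import sys
from email.message import EmailMessage

# Constructed placeholders: substitute a domain from your dictionary and
# run against your own Messaging Gateway inbound listener only.
LOCAL_DOMAIN = "example.com"
ENVELOPE_SENDER = f"spoof-test@{LOCAL_DOMAIN}"
RECIPIENT = f"postmaster@{LOCAL_DOMAIN}"


def build_test_message(sender, recipient):
    """Build a clearly labelled test message."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Compliance rule test: local-domain envelope sender"
    msg.set_content("Test message for the 'Spoofing of Domains' policy.")
    return msg


def telnet_dialogue(sender, recipient, helo="test.invalid"):
    """Return the lines an admin would type in a telnet session to port 25."""
    msg = build_test_message(sender, recipient)
    return [
        f"HELO {helo}",
        f"MAIL FROM:<{sender}>",  # envelope sender: the field the rule inspects
        f"RCPT TO:<{recipient}>",
        "DATA",
        *msg.as_string().splitlines(),
        ".",
        "QUIT",
    ]


def send_test(gateway_host, sender=ENVELOPE_SENDER, recipient=RECIPIENT, port=25):
    """Send the test message; return refused recipients (empty dict if accepted)."""
    msg = build_test_message(sender, recipient)
    with smtplib.SMTP(gateway_host, port, timeout=30) as smtp:
        return smtp.send_message(msg, from_addr=sender, to_addrs=[recipient])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(send_test(sys.argv[1]))
    else:
        print("\n".join(telnet_dialogue(ENVELOPE_SENDER, RECIPIENT)))
```

After sending, confirm that the configured action was applied and that the violation appears in the dashboard and reports, which the policy tracks when the checkbox in step 7 of the rule is left checked.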

Technical Information
Spoofed domains could also be stopped with SPF records, the Bad Senders list, or DKIM (version 9 only).