Steps for creating a compliance rule to block spoofing domains:
- Create a dictionary for the list of domains in the environment that are being spoofed.
- Create the compliance rule.
- Test the rule.
Create Dictionary
- Log in to the Control Center as Admin.
- Click on the "Compliance" tab.
- On the left of the screen, under "Resources", click on "Dictionaries".
- The list of Dictionaries should be displayed.
- Click on the "Add" button.
- The "Add Dictionary" page is displayed.
- Give the dictionary a name.
Example: Spoofing Domains
- Under the section "Words or Phrases" add the words that will cause the rule to trigger.
Example: abc.com
- Once all of the domains have been entered, click on "Save".
Create Compliance Rule
- Under "Policies" click on "Email".
- The list of compliance policies will be displayed.
- Click on the "Add" button to create the new rule.
- The list of templates will be displayed. Leave "Blank" selected and click on "Select" at the bottom of the screen.
- The "Configure an Email Content Compliance Policy" page will be displayed.
- Give it a Policy Name.
Example: Spoofing of Domains
- Leave "Track violations of this policy in the dashboard and reports" checked.
- Under the Conditions Section set the "Apply to:" to "Inbound messages".
- Leave "Any" for the "Which of the following conditions must be met:".
- Click on the "Add" button to add a condition.
- Select "Text in the specific part of the message header:" and choose "Envelope Sender" from the drop-down list.
- Select the following: "contains" "Domain name" from dictionary: and then select the dictionary that you created for the domains list.
- Click the "Update Condition" button.
- Under the "Actions" section, set up the action you want to be performed when the condition is triggered.
- Check the boxes next to the "Groups" the rule should be applied to.
- Click on the "Save" button.
Test rule
- Use "telnet" or a mail client to create a test message to send into the appliance to test the rule.
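The test step above can be scripted with a mail client library. The following is an added example, not part of the original article or the product: it sends three test messages to your own appliance so the rule can be checked against a matching envelope sender, a message where only the From: header is in the dictionary, and a control. The host, port, recipient and control domain are assumed placeholders; abc.com is the article's example dictionary entry.

```python
import smtplib
from email.message import EmailMessage

# Assumed placeholders, not from the article: gateway host/port, recipient and
# control domain. abc.com is the article's example dictionary entry.
GATEWAY_HOST = "gateway.example.test"  # inbound listener of your own appliance
GATEWAY_PORT = 25
RECIPIENT = "rule-test@example.test"   # test mailbox in a group the policy covers
DICTIONARY_DOMAIN = "abc.com"
CONTROL_DOMAIN = "example.net"

def build_cases(dict_domain=DICTIONARY_DOMAIN, control_domain=CONTROL_DOMAIN):
    """Return (name, envelope_sender, header_from, should_trigger) tuples."""
    return [
        # Envelope sender is in the dictionary: the condition should match.
        ("envelope-match", f"test@{dict_domain}", f"test@{dict_domain}", True),
        # Only the From: header is in the dictionary. The condition inspects
        # the envelope sender, so it should not match.
        ("header-only", f"test@{control_domain}", f"test@{dict_domain}", False),
        # Neither address is in the dictionary: normal delivery expected.
        ("control", f"test@{control_domain}", f"test@{control_domain}", False),
    ]

def build_message(name, header_from, rcpt=RECIPIENT):
    msg = EmailMessage()
    msg["From"] = header_from
    msg["To"] = rcpt
    msg["Subject"] = f"Compliance rule test: {name}"
    msg.set_content(f"Test case {name} for the spoofed-domain compliance rule.")
    return msg

def send_cases(host=GATEWAY_HOST, port=GATEWAY_PORT, rcpt=RECIPIENT):
    """Send every case and return {name: (should_trigger, smtp_outcome)}."""
    results = {}
    for name, env_from, hdr_from, should_trigger in build_cases():
        msg = build_message(name, hdr_from, rcpt)
        try:
            with smtplib.SMTP(host, port, timeout=30) as smtp:
                # from_addr sets MAIL FROM (the envelope sender) separately
                # from the From: header carried inside the message.
                smtp.send_message(msg, from_addr=env_from, to_addrs=[rcpt])
            outcome = "accepted at SMTP"
        except (smtplib.SMTPException, OSError) as exc:
            outcome = f"rejected or failed: {exc}"
        results[name] = (should_trigger, outcome)
    return results

if __name__ == "__main__":
    for name, (expected, outcome) in send_cases().items():
        print(f"{name}: rule expected to trigger={expected}; {outcome}")
```

SMTP acceptance alone does not show whether the rule fired, since the configured action may be applied after the message is accepted; confirm each case against the policy's violations in the dashboard and reports.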
Technical Information
Stopping spoofed domains could also be accomplished with SPF records, the Bad Senders list, or DKIM (version 9 only).