Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 2615 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking Email where From and Reply-To are different

Joshua Curry

Pretty much what the subject says, we've been getting spam and phishing emails making it through the Gateway where the From and Reply-To addresses are different. For example the "From" will be "ReasonableName@CompanyWeTrust.com" and the Reply-To will be "TotalPhish@email.ru". Is there any way to flag, quarantine, or block these types of emails?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to j0hnV

    That I completely understand, but for specific groups within our org such as AP/Cash Collections they receive far more phishing and spam using this method than any legitimate email. It's become prevalent enough that Financial Fraud webinars now highlight it as a common threat to watch out for.  The ability to simply highlight it via a banner or quarantine them would be helpful.

  • 0 in reply to Joshua Curry

    Have you thought about tightening security on incoming emails in general? I.e. SPF/DKIM hard fails and others potentially held for approval or quarantined?

    A quick warning email sent to staff that if it's in quarantine to be extremely suspect of it.

Unfiltered HTML