Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Subscribers 15 subscribers
  • Views 4198 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

E-mail Gateway malicious url e-mail allowed through

Fred_B


we have received an e-mail using an alias/send as from one of our domains. The e-mail was allowed through and leads to a malicious url. We have enabled the setting in E-mail Security to reject e-mails that impersonate one of our domains: 

Header anomalies
Email that appears to come from your own domain, but originates externally

Now it wasn’t rejected but as this sender does not match our spf or dmarc we feel it should have been quarantined next. It didn’t, not as far as I can see in the logs as it only gives delivered successfully.

Sophos Support claims it is a false positive and that I should send it to Sophos Labs. I can’t do anything with such support answers.

Questions: is send as / alias from a non-domain email adress using a send as / alias of one of our e-mail domains not picked up by:

a] header anomalies?

b] spf and dmarc settings?

Regards,

Fred



This thread was automatically locked due to age.

Top Replies

  • in reply to Fred_B +1 verified

    Hello Fred,

    I checked on your case, and Support sent you an email on Jun 23, telling you about some updates, however, there was no reply from your end, or after 3 follow-up emails. 

    In that email, they’re asking you to check a configuration related to the Allow List that might be conflicting with your SPF check.

    Additionally, they provided the following KB , for the error below:

    Results - PermError SPF Permanent Error: Too many DNS lookups

    Did you get a change to read that email?

    Regards,

    Jump to answer
Parents Reply Children
No Data