
Block Spoofs

OK, so we purchased an XG-230 a few months back. I am trying to find a good way to block spoofed email from scammers outside our organization. I am using legacy mode right now because I don't believe MTA is quite there yet. Originally I blacklisted our domain using an address group of "mydomain.com". Then I added a filtering rule to reject messages with "sender contains - mydomain.com". Great, that worked, kind of... It blocked too much. The reason it only kind of worked is that some mail services and companies that use third-party mail programs like MailChimp, VerticalResponse, etc. track bounces and responses by putting the recipient's domain in the sender line. Like "bounce-mc.us13_55669317.893313-USERNAME=MYDOMAIN.com@mail111.atl91.mcsv.net". So it sees the "mydomain.com" in the sender line and blocks the email. Some invoices and our own newsletters were getting blocked. So I changed the behavior to Prefix Subject with [SPAM]. This works, except now everything gets to the user's inbox and they call me several times a day asking me to look at a particular message to determine if it's spam.

I think this would be a very easy fix for the Sophos dev team. On my old WatchGuard box there was a way to blacklist domains by filtering *@domain.com. With the XG in legacy mode I can only do domain.com, which catches erroneous emails, as I really don't care if my domain comes before the @ in the sender's address. But when I attempt to put @mydomain.com in the address group, it says "You must enter a valid value for Email Address/Domain."

 

Any better ideas?
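The difference between the two matching rules described in the post, as an added example that is not part of the original post and is not Sophos XG configuration or code: "sender contains mydomain.com" is a substring test, while "*@mydomain.com" compares only the part after the last "@". Apart from the bounce address quoted in the post, the sender strings and function names are constructed for illustration.

```python
PROTECTED_DOMAIN = "mydomain.com"  # placeholder domain, as used in the post


def substring_rule(sender: str, domain: str = PROTECTED_DOMAIN) -> bool:
    """'sender contains mydomain.com': matches anywhere in the sender string."""
    return domain.lower() in sender.lower()


def sender_domain(sender: str) -> str:
    """Return the lower-cased domain part (after the last '@'), or ''."""
    addr = sender.strip().strip("<>").strip()
    if "@" not in addr:
        return ""  # null sender "<>" (bounces) or a malformed address
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def domain_rule(sender: str, domain: str = PROTECTED_DOMAIN) -> bool:
    """'*@mydomain.com': matches only when the sender's domain part is ours."""
    return sender_domain(sender) == domain.lower()


# Sample envelope senders. The first is the bounce address quoted in the
# post; the rest are constructed for this example.
SAMPLES = [
    "bounce-mc.us13_55669317.893313-USERNAME=MYDOMAIN.com@mail111.atl91.mcsv.net",
    "ceo@mydomain.com",             # external mail claiming our domain
    "<Accounts@MyDomain.COM>",      # same, different case and angle brackets
    "billing@vendor.example",       # unrelated external sender
    "<>",                           # null sender on a delivery report
    "ceo@mydomain.com.mail.example",  # our domain only as a prefix label
]


def compare(samples=SAMPLES):
    """Return (sender, substring_hit, domain_hit) for each sample."""
    return [(s, substring_rule(s), domain_rule(s)) for s in samples]


if __name__ == "__main__":
    for sender, sub_hit, dom_hit in compare():
        print(f"substring={sub_hit!s:<5} domain={dom_hit!s:<5} {sender}")
```

A rule like this only makes sense for mail arriving from outside; mail that legitimately originates from the organization's own servers has to be exempted before it is applied.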


