Header From field check

Author
chels
2018/07/11 00:15:26 (permalink) FortiMail
0


Hello,
 
For some time, I have been getting more spam where the SMTP From address is different from the Header From address.
In MS Outlook, the Header From is displayed; this address is used to steal identity.
 
Can I configure FortiMail to also check the Header From address?
 
Thank you
 
(FortiMail 5.4.x)
#1
Dirty_Wizard
Re: Header From field check 2018/07/18 13:06:49 (permalink)
0
Check header From against what?
You can set FortiMail to check the header From email domain against SPF:
config antispam settings
set spf-checking strict-anti-spoofing
end
 
Page 44: https://docs.fortinet.com/uploaded/files/4495/fortimail-cli-reference-546.pdf
 
Is the header From email spoofed as your own domain?
#2
Carl Windsor_FTNT
Fortinet
Re: Header From field check 2018/07/19 14:20:11 (permalink)
0
If the spam is spoofing the protected domain, you can use the 6.0 Impersonation detection feature.   
 
In the next major release we will be separating the header alignment check from the spf-checking strict-anti-spoofing setting to allow more flexibility in configuration - although blocking all lack of alignment will generate false positives so it is recommended to tag the subject/top of email rather than block.

Dr. Carl Windsor
Field Chief Technology Officer
Fortinet
#3
Hosemacht
Re: Header From field check 2018/07/20 01:05:31 (permalink)
0
You can use the dictionary filter to set a regular expression for the header:
 
[EHeAdEr]^from:.*\b\@example.com\b
 
Change "@example.com" to your domain name.
Set "Search Header" to enabled and add it to your antispam profile.
#4
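The alignment check and the tag-rather-than-block approach discussed in the replies above, as an added example that is not FortiMail's implementation and not code from any poster. The protected domain, the tag text, the exact-domain comparison and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAINS = {"example.com"}   # assumption: domains the gateway protects
TAG = "[SENDER MISMATCH] "            # assumption: tag text prepended to Subject

def domain_of(address):
    """Lower-cased domain of an address; display names are ignored."""
    return parseaddr(str(address))[1].rpartition("@")[2].lower()

def check_message(envelope_from, raw_message):
    """Compare SMTP MAIL FROM with header From; tag instead of blocking."""
    msg = message_from_string(raw_message)
    env_dom = domain_of(envelope_from)
    hdr_dom = domain_of(msg.get("From", ""))
    # Exact domain match only (assumption: no subdomain relaxation).
    aligned = hdr_dom != "" and hdr_dom == env_dom
    # Header From claims a protected domain but the envelope sender is external.
    spoofs_protected = (hdr_dom in PROTECTED_DOMAINS
                        and env_dom not in PROTECTED_DOMAINS)
    if not aligned:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = TAG + subject
    return {"aligned": aligned, "spoofs_protected": spoofs_protected,
            "subject": msg["Subject"]}

# Constructed samples: name -> (envelope sender, raw message)
SAMPLES = {
    "aligned": ("alice@example.org",
                "From: Alice <alice@example.org>\nSubject: Minutes\n\nHi\n"),
    "spoofed_own_domain": ("bounce@mailer.invalid",
                'From: "ceo@example.com" <ceo@example.com>\n'
                "Subject: Urgent\n\nPay\n"),
    "bulk_sender": ("bounces@esp.example.net",
                "From: Shop News <news@example.org>\nSubject: Sale\n\nDeals\n"),
}

if __name__ == "__main__":
    for name, (env, raw) in SAMPLES.items():
        print(name, check_message(env, raw))
```

The `bulk_sender` sample is legitimate mail that still fails alignment, which is the false-positive case that makes tagging safer than blocking.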
PP2
Re: Header From field check 2019/09/22 19:22:33 (permalink)
0
Hello all,
With reference to the comment above ("If the spam is spoofing the protected domain, you can use the 6.0 Impersonation detection feature"), does anybody know how to implement it for the entire domain (and not for specific accounts only)?
We are being swamped by emails spoofing the headers. These were detected with version 5.4.x, but are coming through now.
 
I have a case open with support, but all I am getting are suggestions to turn on the alignment check, which will not work in our case.
 
Thanks!
#5