Helpful ReplyHot!Blocking mail from counterfeit (fake) sender

Author
i_litvinov
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/27 02:14:20
  • Status: offline
2019/08/27 02:25:39 (permalink) FortiMail
0

Blocking mail from counterfeit (fake) sender

Is there any way to block fake "Client" field just like the one on the attachment?
 
In the attachment, there is "Header from" field pointing to an appropriate (trusted) sender, but the "Client" field displays unwanted and potentially dangerous sender. If there a method to block such fake senders?

Attached Image(s)

#1
Hosemacht
Silver Member
  • Total Posts : 67
  • Scores: 3
  • Reward points: 0
  • Joined: 2017/04/18 04:06:13
  • Location: Upper Austria
  • Status: offline
Re: Blocking mail from counterfeit (fake) sender 2019/08/27 02:44:26 (permalink) ☄ Helpfulby i_litvinov 2019/08/27 03:14:43
0
Hi
 
just activate SPF checking
 
yandex has the following SPF record :
v=spf1 include:_spf-ipv4.yandex.ru include:_spf-ipv6.yandex.ru ~all

so yandex did only a soft fail wich passes the email even if the SPF record doesnt match.
You have to set your fortimail to block all SPF failures to avoid further fake mails.
 
Regards

sudo apt-get-rekt
#2
i_litvinov
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/27 02:14:20
  • Status: offline
Re: Blocking mail from counterfeit (fake) sender 2019/08/27 03:11:13 (permalink)
0
Hi!
SPF was enabled on AntiSpam tab but in session profile was disabled. Activated, will try!
 
Thanks a lot!
#3
i_litvinov
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/27 02:14:20
  • Status: offline
Re: Blocking mail from counterfeit (fake) sender 2019/08/27 03:15:12 (permalink)
0
the_giraffe_that_wasnt_president
Hi
 
just activate SPF checking
 
yandex has the following SPF record :
v=spf1 include:_spf-ipv4.yandex.ru include:_spf-ipv6.yandex.ru ~all

so yandex did only a soft fail wich passes the email even if the SPF record doesnt match.
You have to set your fortimail to block all SPF failures to avoid further fake mails.
 
Regards


 
Should i also enable DMARC with SPF?
#4
Hosemacht
Silver Member
  • Total Posts : 67
  • Scores: 3
  • Reward points: 0
  • Joined: 2017/04/18 04:06:13
  • Location: Upper Austria
  • Status: offline
Re: Blocking mail from counterfeit (fake) sender 2019/08/27 03:58:57 (permalink)
0
DMARC is a combination of SPF and DKIM
 
i would not recomment to enable this feature unless you have not already a working DKIM for your Domain and MTAs.
enable SPF in the Antispam profile should work well but Bypass SPF checking in the session profile should be set to disable.
 
Regads

sudo apt-get-rekt
#5
Jeff Roback
Bronze Member
  • Total Posts : 39
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/18 16:48:33
  • Status: offline
Re: Blocking mail from counterfeit (fake) sender 2020/05/19 15:42:03 (permalink)
0
Make sure you're aware of a unique behavior in the Fortimail...  anyone in your safelist will not have SPF checking done...  So frequently the very same people you're wanting to insure delivery for will not be protected with SPF.
 
See threads here:
https://forum.fortinet.com/tm.aspx?m=161900
 
and here:
https://forum.fortinet.com/tm.aspx?m=175489
 
for more details
 
#6
Jump to:
© 2020 APG vNext Commercial Version 5.5