Firewall News

Top Menu

Main Menu

Alerts & BugsSophos
Sophos Email Appliance: How to block spoofed “From” names

Sophos Email Appliance: How to block spoofed “From” names

By admin
24/09/2019
1740
0
Share:
Sophos Logo

Overview

This article describes how to block spoofed “From” names when the email address isn’t from your own domain.

The following sections are covered:

Applies to the following Sophos products and versions
Sophos Email Appliance

Scenario

In this example, mail from Joe Smith is “spoofed” so that in Outlook his name is displayed as the sender. This is done to fool Tracy into purchasing something and sending it to the scammer. But when checking the actual From address, it is a valid external address.

From: Joe Smith <[email protected]>
To: Tracy Barker <[email protected]>

What to do

  1. Go to Configuration > Policy > Additional Policy > Inbound and then click Add.
  2. Under the Select rule type section, select Use only message attributes and then click Next.
  3. Under the Identify message attributes section, click Add. Select Header in the drop-down menu.
  4. In the Name field, enter “From” (the capital F is important) and select contains (substring match).
  5. In the Value field, enter the name of the person that needs to be filtered (i.e. Joe Smith) and then click Apply.
  1. Continue doing this for the users that are required to be added.
  2. Under Matching Logic, choose One of the message attributes must be present. Click Next.
  1. Click the Exclude Sender tab and select Custom groups.
  2. Enter **@validcompany.com and then click Add. Click Next.
  1. Under the Message actions section, select Quarantine. Click Next.
  2. Enter a Policy rule name, select Activate this rule and then click Save.

This rule will quarantine any email coming in with the display name Joe Smith if it is not also from the domain validcompany.com.

Related information

Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.

Feedback and contact

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.Article appears in the following topics

Previous Article

Sophos named a Leader in the 2019 ...

Next Article

IndiGo Airlines Relies on Fortinet’s Secure SD-WAN ...

Related articles More from author