Sophos Email Appliance: How to block spoofed “From” names
Overview
This article describes how to block spoofed “From” names when the email address isn’t from your own domain.
The following sections are covered:
Applies to the following Sophos products and versions
Sophos Email Appliance
Scenario
In this example, mail from Joe Smith is “spoofed” so that in Outlook his name is displayed as the sender. This is done to fool Tracy into purchasing something and sending it to the scammer. But when checking the actual From address, it is a valid external address.
From: Joe Smith <[email protected]>
To: Tracy Barker <[email protected]>
What to do
- Go to Configuration > Policy > Additional Policy > Inbound and then click Add.
- Under the Select rule type section, select Use only message attributes and then click Next.
- Under the Identify message attributes section, click Add. Select Header in the drop-down menu.
- In the Name field, enter “From” (the capital F is important) and select contains (substring match).
- In the Value field, enter the name of the person that needs to be filtered (i.e. Joe Smith) and then click Apply.
- Continue doing this for the users that are required to be added.
- Under Matching Logic, choose One of the message attributes must be present. Click Next.
- Click the Exclude Sender tab and select Custom groups.
- Enter **@validcompany.com and then click Add. Click Next.
- Under the Message actions section, select Quarantine. Click Next.
- Enter a Policy rule name, select Activate this rule and then click Save.
This rule will quarantine any email coming in with the display name Joe Smith if it is not also from the domain validcompany.com.
Related information
- Sophos Email Appliance: Dealing with spoofed sender addresses
- Sophos Email Appliance: Recommended Anti-Spam configuration
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Feedback and contact
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.Article appears in the following topics
Dell Software Group sold to help fund looming EMC deal
Ingram Micro gets distribution access to Dell’s security range in Australia