domain reputation check? - ORF Forums

domain reputation check? RSS Back to forum


FedEx - you have a parcel! Well, no but it a PIA phishing scam. Just thinking how best to deal with all these 'Click here' link emails. Had a user suckered into one and we are still trying to get ourselves off of all the spam blocking list out there.. But the likes of the FedEx ones, is there any way to set a rule that says "if mail about FedEx is not from FedEx domain then drop"? They seem to come from spoofed domain addresses.

by Bazagee 6 years ago

@Bazagee: Did the scammer spoof the FedEx domain in the SMTP sender address, or in the MIME From: field only ( I.e., do you see a * address in the Sender column in the ORF Log Viewer when checking the related entries (

If they spoof the SMTP sender address, the SPF test of ORF should stop these (since FedEx has an SPF policy published):

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)


@Krisztián Fekete (Vamsoft): Thanks Krisztian,
No it was more generic than that. Sent by a 'user' with a FedEx looking image and link in the body. So there is nothing really to link it back to FedEx. Users of course can't figure out that if a 'no-body' sends you a legitimate company looking email, it just might not be actually from that company... ;-)

I need to revamp our whole ORF filtering - I have black list and Keyword Blacklists dating back to version 3.0 days.. just too scared to touch it and suffer a tsunami of spam!

by Bazagee 6 years ago
(in reply to this post)


I recommend wiping out the current keyword (and all other manual) blacklist and starting from scratch: we recommend relying on automated tests of ORF as much as possible (see our best practices guide at

by Krisztián Fekete (Vamsoft) 6 years ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2