domain reputation check? - ORF Forums


1

FedEx - you have a parcel! Well, no, but it is a PIA phishing scam. Just thinking how best to deal with all these 'Click here' link emails. Had a user suckered into one and we are still trying to get ourselves off of all the spam blocking lists out there. But the likes of the FedEx ones, is there any way to set a rule that says "if mail about FedEx is not from FedEx domain then drop"? They seem to come from spoofed domain addresses.

by Bazagee more than 10 years ago

2

@Bazagee: Did the scammer spoof the FedEx domain in the SMTP sender address, or in the MIME From: field only (http://vamsoft.com/support/docs/knowledge-base/sender-different-in-outlook-and-orf)? I.e., do you see a *fedex.com address in the Sender column in the ORF Log Viewer when checking the related entries (http://vamsoft.com/support/docs/knowledge-base/using-the-log-viewer)?

If they spoof the SMTP sender address, the SPF test of ORF should stop these (since FedEx has an SPF policy published):

http://vamsoft.com/r?o-hto-adm-spf

by Krisztián Fekete (Vamsoft) more than 10 years ago

3

@Krisztián Fekete (Vamsoft): Thanks Krisztian,
No, it was more generic than that. Sent by a 'user' with a FedEx-looking image and link in the body. So there is nothing really to link it back to FedEx. Users of course can't figure out that if a 'no-body' sends you a legitimate-company-looking email, it just might not be actually from that company... ;-)

I need to revamp our whole ORF filtering - I have blacklists and Keyword Blacklists dating back to the version 3.0 days... just too scared to touch it and suffer a tsunami of spam!

by Bazagee more than 10 years ago

4

I recommend wiping out the current keyword (and all other manual) blacklist and starting from scratch: we recommend relying on automated tests of ORF as much as possible (see our best practices guide at http://vamsoft.com/support/docs/how-tos/best-practices-5.0).

by Krisztián Fekete (Vamsoft) more than 10 years ago
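
The three cases separated in this thread (brand domain used in the SMTP sender, brand domain used only in the MIME From: field, and a brand merely mentioned by an unrelated sender) can be sketched as a classifier. This is an added example, not ORF's code or configuration; the `fedex.com` allow-list, the function names, the verdict labels and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "fedex"                  # keyword from the thread
BRAND_DOMAINS = {"fedex.com"}    # assumption: domains accepted as the brand's own

def domain_of(addr):
    """Lowercased domain part of an address, or '' if there is none."""
    _, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def is_brand_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)

def classify(envelope_sender, raw_message):
    """envelope_sender: SMTP MAIL FROM address; raw_message: RFC 5322 text."""
    msg = message_from_string(raw_message)
    display, header_addr = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    if is_brand_domain(domain_of(envelope_sender)):
        return "spf-decides"    # envelope claims the brand: an SPF test covers it
    if is_brand_domain(domain_of(header_addr)):
        return "header-spoof"   # only the From: header claims the brand
    if BRAND in text:
        return "brand-mention-from-unrelated-sender"
    return "no-brand"

# Constructed sample messages (not taken from real mail)
SPOOFED_HEADER = ("From: FedEx <tracking@fedex.com>\n"
                  "Subject: You have a parcel\n\nClick here: http://parcel.example/t\n")
GENERIC_LURE = ("From: J. Smith <user@random.example>\n"
                "Subject: You have a parcel\n\nFedEx delivery, click here: http://parcel.example/t\n")
ORDINARY = ("From: Ann <ann@partner.example>\n"
            "Subject: Minutes\n\nSee attached notes.\n")

if __name__ == "__main__":
    for env, raw in [("tracking@fedex.com", SPOOFED_HEADER),
                     ("bounce@mailer.example", SPOOFED_HEADER),
                     ("user@random.example", GENERIC_LURE),
                     ("ann@partner.example", ORDINARY)]:
        print(env, "->", classify(env, raw))
```

The last brand-mention verdict also matches legitimate mail that simply mentions FedEx (for example a supplier's shipping notice), so it suits scoring or quarantine rather than an outright drop.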
