domain reputation check?

1

FedEx - you have a parcel! Well, no, but it's a PIA phishing scam. Just thinking how best to deal with all these 'Click here' link emails. Had a user suckered into one and we are still trying to get ourselves off of all the spam blocking lists out there. But the likes of the FedEx ones, is there any way to set a rule that says "if mail about FedEx is not from FedEx domain then drop"? They seem to come from spoofed domain addresses.

by Bazagee 6 years ago
2

@Bazagee: Did the scammer spoof the FedEx domain in the SMTP sender address, or in the MIME From: field only (http://vamsoft.com/support/docs/knowledge-base/sender-different-in-outlook-and-orf)? I.e., do you see a *fedex.com address in the Sender column in the ORF Log Viewer when checking the related entries (http://vamsoft.com/support/docs/knowledge-base/using-the-log-viewer)?

If they spoof the SMTP sender address, the SPF test of ORF should stop these (since FedEx has an SPF policy published):

http://vamsoft.com/r?o-hto-adm-spf

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

3

@Krisztián Fekete (Vamsoft): Thanks Krisztian,
No, it was more generic than that. Sent by a 'user' with a FedEx-looking image and link in the body. So there is nothing really to link it back to FedEx. Users of course can't figure out that if a 'no-body' sends you a legitimate-company-looking email, it just might not be actually from that company... ;-)

I need to revamp our whole ORF filtering - I have blacklists and Keyword Blacklists dating back to the version 3.0 days... just too scared to touch it and suffer a tsunami of spam!

by Bazagee 6 years ago
(in reply to this post)

4

I recommend wiping out the current keyword (and all other manual) blacklists and starting from scratch: we recommend relying on automated tests of ORF as much as possible (see our best practices guide at http://vamsoft.com/support/docs/how-tos/best-practices-5.0).

by Krisztián Fekete (Vamsoft) 6 years ago
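
Added example, not part of the thread and not ORF configuration: a Python check that separates the three cases discussed above. Either the SMTP sender claims the brand domain (the SPF test applies), or only the MIME From: header does (SPF does not look at that header), or, as in the reported message, FedEx appears only in the content. The sample message, the `BRANDS` table and the finding names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; every address and host below is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "FedEx Delivery" <notice@parcel-update.example.org>
To: user@example.com
Subject: You have a parcel!
Content-Type: text/plain

Your FedEx parcel is waiting. Click here: http://tracking.example.org/label
"""

# Assumption: brand keyword -> domains that may legitimately send as that brand.
BRANDS = {"fedex": {"fedex.com"}}

def domain_of(header_value):
    """Lower-cased domain of an address header, '' if the header is missing."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def in_domains(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def body_text(msg):
    """Concatenate the decoded text/plain parts (HTML and images are ignored)."""
    parts = (p.get_payload(decode=True) for p in msg.walk()
             if p.get_content_type() == "text/plain")
    return " ".join(b.decode("utf-8", "replace") for b in parts if b)

def classify(raw):
    msg = message_from_string(raw)
    # Return-Path is where the receiving server records the SMTP sender.
    envelope = domain_of(msg.get("Return-Path"))
    header = domain_of(msg.get("From"))
    display, _ = parseaddr(msg.get("From", ""))
    text = " ".join([msg.get("Subject", ""), display, body_text(msg)]).lower()
    findings = []
    for brand, allowed in BRANDS.items():
        if brand not in text:
            continue
        if in_domains(envelope, allowed):
            findings.append((brand, "smtp-sender-claims-brand"))   # SPF decides
        elif in_domains(header, allowed):
            findings.append((brand, "from-header-only-spoof"))     # SPF blind
        else:
            findings.append((brand, "brand-lookalike"))            # content only
    return envelope, header, findings
```

For the constructed sample, `classify(SAMPLE)` reports `brand-lookalike`: neither sender address claims fedex.com, so no sender-authentication test has anything to reject and the decision has to come from content or reputation tests.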
