  1. Perfect article.... thank you, but what in case of this? SPF+DKIM checks are OK:

       From: "known.customer@customersdomain.com" <evil@nasty.com>
       Return-Path: evil@nasty.com

     Both senders are outside my network, but the one under the "" is my customer, the <> is the problem. You know Outlook, the problem is the user, who believes this mail will not be harmful because it was sent by the customer, but at this time it's too late... blocking nasty.com after receiving is too late. Maybe next time mails come from: "antoher.customer@theirdomain.com" <bad@s
  2. Hi! Thank you for the information. My problem is not macros, my problem is mail spoofing, pls see mail header...
  3. Hi! I tried to use custom rules, but I was not able to combine the two From headers, or to compare/differentiate (params), or I failed in the implementation. Quarantining macro-enabled docs is clear to me, but does not solve the special problem of spoofing... I also have a rule which checks for macros, but this macro was in an Office doc which was zipped... How can I build such a rule? The conditions are AND conditions... and how should params be used?
  4. How can this be handled, or marked as spam? Such mails currently occur more frequently and the attachments are packed. Inside are Office docs with nasty macros, which are mostly not recognized.... SPF checks and DKIM are all OK.

       From: "known.customer@trusteddomain.com" <evil@nasty.com>
       Date: Wed, dd Sep 2020 hh:mm:ss +0000
       To: mymailbox@mydomain.com
       Subject: knownsubject
       MIME-Version: 1.0
       X-Mailer: Microsoft Outlook 16.0
       Content-Type: multipart/mixed; boundary=067204a8992001fcc2d3323ef782a184
       Message-ID: <xyz@mail01.mydomain.local>
       Return-Path: evil@nasty.com
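The comparison asked about in the posts above, as an added Python example (not part of the posts and not the mail product's own rule syntax): it flags a From header whose display name shows an address from a different domain than the real address in `<>`. The function name and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import getaddresses

# Address-like token inside a display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def display_name_mismatches(raw_message):
    """Return (shown_domain, real_domain) pairs where the From display name
    shows an address whose domain differs from the real From address."""
    msg = message_from_string(raw_message)
    hits = []
    for display, addr in getaddresses(msg.get_all("From", [])):
        try:
            # Decode RFC 2047 encoded words so encoded display names are checked too.
            display = str(make_header(decode_header(display)))
        except (HeaderParseError, LookupError, UnicodeError):
            pass  # undecodable: fall back to the raw display name
        real = addr.rpartition("@")[2].lower()
        for m in ADDR_IN_NAME.finditer(display):
            shown = m.group(1).lower()
            if shown != real:
                hits.append((shown, real))
    return hits

# Constructed sample messages, modelled on the header quoted in the post.
SPOOFED = (
    'From: "known.customer@trusteddomain.com" <evil@nasty.com>\n'
    "To: mymailbox@mydomain.com\n"
    "Subject: knownsubject\n"
    "Return-Path: evil@nasty.com\n"
    "\n"
    "body\n"
)
ENCODED = SPOOFED.replace(
    '"known.customer@trusteddomain.com"',
    "=?utf-8?q?known.customer=40trusteddomain.com?=",
)
LEGIT = SPOOFED.replace("evil@nasty.com", "known.customer@trusteddomain.com")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("encoded", ENCODED), ("legit", LEGIT)):
        print(name, display_name_mismatches(raw))
```

A non-empty result is the condition to quarantine or tag on; SPF and DKIM passing for the real sender domain does not affect it.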