Joe-ESET2016 0 Posted November 24, 2020 Share Posted November 24, 2020 Hello, Customer with Exchange 2013 CU23 was in email-discussion with a supplier. "Supplier-mail-adress" send an faked pdf-invoice with different bank-details. (scam-mail) From: Field was right. Reply-to: was the scammer with a strange-mail-domain. SMTP Sender IP was strange and not the Supplier In ESET Mail Security I could create Mail-Rules in case "SPF failed" or "rDNS is missing" , but as far as I know I don´t have much other opportunities to avoid such scam. Thx for you oppinion! Link to comment Share on other sites More sharing options...
ESET Staff M.K. 17 Posted November 30, 2020 ESET Staff Share Posted November 30, 2020 Hi, your customer can use additional rules with conditions: SMTP Sender's domain, Sender's IP address, From header - address, to check if emails with From: "supplier-mail-address" have also corresponding IP address range or SMTP Sender. Note: we plan to add the Sender Spoofing Protection feature to the upcoming vNext version of EMSX, to help to automate tasks like these. Link to comment Share on other sites More sharing options...
Recommended Posts