How should block a incoming double from address

Forum|Forum|7 years ago
February 13, 2019
1 reply
2478 views

Hi We are receiving some spam with a double "from address" and Fortimail can´t block all, just some of this by black ip or similar Like this: (Protected and valid domain) (Fake sender) from:"local-account@domain..." <mike.richardson@domain...> What´s the best way to block this issue? Thanks for all the help! ------------------------------ Chris

abelio

SuperUser

Hi Chris

there's something wrong in your description.

You're seeing the "From:" field as printed by a MUA (Outlook or whatever)

<mike.richardson@domain...> it is not the 'fake' sender; according to RFC, that's the actual sender.

"local-account@domain..." between quotes is just a string, aka your name or mine enclosed by quotes; there's nothing related to your protected domain;

Those emails are coming frequently nowadays, used as vectors for pishing, or attachments hiding nemotet threat variants.

The best approach imho is adjust to antispam/antivirus profiles, hardening pishing detection, (and activate sandboxing if you have license for that);

Those tools detects and stops those threats,

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded