Return Email DNS Check suggestion
I'm not sure if Fortinet people read this, but if they do, I have a suggestion:
For email, there is an option to check the return address of email to see if its valid. "Return Email DNS Check"
Seems like a good idea, except, it seems pretty common practice for companies to tweak the return address so that YOU CAN'T REPLY to it. What they do is add a "fake subdomain," before the domain name. For example, progressive insurance might send out an email with a return address of: customerservice@e.progressive.com That email address is not valid, but if you remove the e part then customerservice@progressive.com is valid. Here are some others:
emailclub@marketing.jerseymikes.com
So my suggestion. When doing the return address DNS check, ONLY use the full domain name for the DNS check, and remove the subdomain name. I wish I could tell it to do that, but there isn't a way I can see.