Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Adrian_Buckley_FTNT
Staff
Staff

Created on ‎02-17-2010 12:10 PM Edited on ‎09-21-2024 08:03 AM By Staff

Article Id 196452

Technical Tip: Blocking Spam based on the senders Email domain

Description

 

This article describes that sometimes, spammers will send an email with a source email address of the domain being protected:
 
Email From: someone@somedomain.com
Email To: someone@somedomain.com

This is done in an attempt to bypass spam filtering, as people will sometimes safelist their internal domains by name. Safelisting is best done by IP address.


Scope

 

FortiMail.

Solution

 

If the domain has an SPF record, then this option can be enabled to block this kind of email.  DKIM can also be used.

It is not a requirement to have either of these so not every domain will use them.  In this case, it will not be an option to use them. 

Enabling them is done via the session profile.

KB4-edit.PNG

 


If these are not options then this can also be blocked using access rules.

  • The first rule(s) will be to allow outbound email from that domain.  It will be necessary to create enough rules to allow all valid servers to send email using that domain as the source.
  • The last rule will be a catch-all to prevent everyone else from sending emails from that domain.

    kb5-edit.PNG
Labels:
3002
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.