Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
talsayyad
Staff
Staff

Created on ‎04-26-2023 01:01 AM Edited on ‎01-30-2024 02:54 AM By Community Manager

Article Id 253928

Technical Tip: How to detect emails that are missing the 'To:' header

Description This article describes how to detect emails that are missing the 'To:' header.
Scope FortiMail.
Solution

A DLP profile will not detect any email that has both 'From:' AND 'To:' in its headers. This means that if the 'From:' tag is present, the email will only be detected if there is no 'To'.

Enable the DLP feature using the following hidden command if it is not already enabled:

 

# config system global

    set data-loss-prevention enable

end


Navigate to Data Loss Prevention -> Rule & Profile -> Rule in the GUI and create a new DLP rule. Give it a regex header condition ^From:.*$ and add a regex header exception ^To:.*$. See the screenshots below:

 

Rule Condition.png

 Rule Exception.png

 

Create a DLP profile and assign the previously created DLP rule to the profile. Finally, apply the DLP profile to the concerned recipient policy or policies.
Labels:
329
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.