Fortinet Forum
Carl_Wallmark
Valued Contributor

NFR: Check sender domain against FortiGuard -> Newly registered domain

Hi,

Today we had a few scam emails which were accepted; they misspelled our domain, so at first glance it looked OK, but it was not correct.

And the FortiMail let it pass because nothing "dangerous" was in it.

But the domain was created 2017-11-02, so is it possible to run the sender domain against FortiGuard and flag/redirect emails which will be under the "newly registered domain / newly observed domain" category?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

5 REPLIES
Carl_Windsor_FTNT

This is already scheduled for the next release (5.5) together with some other relevant BEC features.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Carl_Wallmark

Nice! Thanks!

Any ETA on 5.5?


Carl_Windsor_FTNT

I don't want to commit to an exact date here, as things do change as we add customer NFRs, but it should be late Q1/early Q2 timeframe.


Carl_Wallmark

Very good Carl.

Thanks!


emnoc
Esteemed Contributor III

OP, in the meantime, you can subscribe to a new-domain listing service and build a list of new domains.

e.g.

https://www.whoisxmlapi.com

Until a domain has reputation scoring it will rate neutral in the spam rating for more appliances. I use the above and unix-whois looks to validate domain creation time and manually apply the domains in a tight policy.

PCNSE 

NSE 

StrongSwan
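
The interim check discussed in this thread (sender domain misspelled to resemble your own, plus a very recent WHOIS creation date), as an added example that is not from any poster or from Fortinet. The function names, the 30-day and edit-distance thresholds, the WHOIS label list, and `example.com` as the protected domain are all assumptions; the WHOIS text is constructed sample data of the kind a unix `whois` lookup prints.

```python
import re
from datetime import datetime, timezone

# Common WHOIS labels for the registration date; registries differ, so this
# list is an assumption and only ISO-style (YYYY-MM-DD...) values are parsed.
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered on)\s*:\s*(\d{4}-\d{2}-\d{2})",
    re.I | re.M)

def creation_date(whois_text):
    """Return the registration date found in raw WHOIS text, or None."""
    m = _CREATED.search(whois_text)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d").replace(tzinfo=timezone.utc)

def edit_distance(a, b):
    """Levenshtein distance, used to spot misspellings of our own domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(sender, own_domain, whois_text, now, max_age_days=30, max_distance=2):
    """Return the reasons (possibly none) to hold a message for review."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    reasons = []
    if 0 < edit_distance(domain, own_domain.lower()) <= max_distance:
        reasons.append("lookalike")
    created = creation_date(whois_text)
    if created is None:
        reasons.append("creation-date-unknown")  # no age evidence: review by hand
    elif (now - created).days <= max_age_days:
        reasons.append("newly-registered")
    return reasons

# Constructed sample data: example.com stands in for the protected domain.
SAMPLE_WHOIS = """Domain Name: EXAMP1E.COM
Registrar: Constructed Registrar, Inc.
Creation Date: 2017-11-02T09:15:00Z
Registry Expiry Date: 2018-11-02T09:15:00Z
"""
NOW = datetime(2017, 11, 6, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(assess("billing@examp1e.com", "example.com", SAMPLE_WHOIS, NOW))
```

Domains that come back with either reason are candidates for the manually maintained tight policy described above.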