Is there any way to block a fake "Client" field just like the one in the attachment?
In the attachment, there is a "Header from" field pointing to an appropriate (trusted) sender, but the "Client" field displays an unwanted and potentially dangerous sender. Is there a method to block such fake senders?
Hi
Just activate SPF checking.
Yandex has the following SPF record:
v=spf1 include:_spf-ipv4.yandex.ru include:_spf-ipv6.yandex.ru ~all
So Yandex did only a soft fail, which passes the email even if the SPF record doesn't match.
You have to set your FortiMail to block all SPF failures to avoid further fake mails.
Regards
sudo apt-get-rekt
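Added example, not part of any post in this thread: a small Python parser that reads the terminal `all` qualifier of the SPF record quoted above and shows why a softfail only blocks mail if the receiver chooses to treat it as a failure. The function names, the `reject_softfail` switch and the comparison record are assumptions made for illustration.

```python
# Added example (not from the thread): read the default result an SPF record
# assigns to senders that match none of its mechanisms (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# SPF record quoted in the post above.
YANDEX_SPF = "v=spf1 include:_spf-ipv4.yandex.ru include:_spf-ipv6.yandex.ru ~all"
# Constructed record for comparison (documentation address range).
STRICT_SPF = "v=spf1 ip4:192.0.2.0/24 -all"

def parse_spf(record):
    """Return (mechanisms, modifiers) parsed from an SPF TXT record."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for raw in parts[1:]:
        name, sep, value = raw.partition("=")
        if sep and name.isalnum():  # modifier, e.g. redirect= or exp=
            modifiers[name.lower()] = value
            continue
        qualifier = raw[0] if raw[0] in QUALIFIERS else "+"
        body = raw[1:] if raw[0] in QUALIFIERS else raw
        mech, _, arg = body.partition(":")
        mechanisms.append((QUALIFIERS[qualifier], mech.lower(), arg))
    return mechanisms, modifiers

def default_result(record):
    """Result for a sender that matched nothing before the end of the record."""
    mechanisms, modifiers = parse_spf(record)
    for result, mech, _ in mechanisms:
        if mech == "all":
            return result
    # Without "all", a redirect= target decides; otherwise the result is neutral.
    return "redirect" if "redirect" in modifiers else "neutral"

def receiver_action(spf_result, reject_softfail):
    """Hypothetical receiver policy, not FortiMail's configuration model."""
    if spf_result == "fail" or (spf_result == "softfail" and reject_softfail):
        return "reject"
    return "accept"

if __name__ == "__main__":
    for rec in (YANDEX_SPF, STRICT_SPF):
        res = default_result(rec)
        print(res, receiver_action(res, False), receiver_action(res, True))
```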
Hi!
SPF was enabled on the AntiSpam tab, but in the session profile it was disabled. Activated, will try!
Thanks a lot!
That's weird.
If SPF was enabled in the AntiSpam profile, that should do the work.
Enabling SPF in the session profile will just "improve performance" by rejecting invalid senders before more resource-intensive AntiSpam scans are performed.
In our environment, SPF is disabled in the session profile and enabled in the AntiSpam profile, and it is still working fine.
Thanks
Nope. If the user or the admin adds the address to a safelist, all of the antispam profile, including SPF, is never checked.
Jeff Roback
the_giraffe_that_wasnt_president wrote:
Hi
Just activate SPF checking.
Yandex has the following SPF record:
v=spf1 include:_spf-ipv4.yandex.ru include:_spf-ipv6.yandex.ru ~all
So Yandex did only a soft fail, which passes the email even if the SPF record doesn't match.
You have to set your FortiMail to block all SPF failures to avoid further fake mails.
Regards
Should I also enable DMARC with SPF?
DMARC is a combination of SPF and DKIM.
I would not recommend to enable this feature unless you have not already a working DKIM for your Domain and MTAs.
Enabling SPF in the AntiSpam profile should work well, but "Bypass SPF checking" in the session profile should be set to disable.
Regards
sudo apt-get-rekt
Make sure you're aware of a unique behavior in the FortiMail... anyone in your safelist will not have SPF checking done... So frequently the very same people you're wanting to ensure delivery for will not be protected with SPF.
See threads here:
https://forum.fortinet.com/tm.aspx?m=161900
and here:
https://forum.fortinet.com/tm.aspx?m=175489
for more details
Jeff Roback
Jeff Roback wrote:
Make sure you're aware of a unique behavior in the FortiMail... anyone in your safelist will not have SPF checking done... So frequently the very same people you're wanting to ensure delivery for will not be protected with SPF.
See threads here:
https://forum.fortinet.com/tm.aspx?m=161900
and here:
https://forum.fortinet.com/tm.aspx?m=175489
for more details
Absolutely correct!
My own workaround for this behavior is to purge all white lists twice a year.
Cheers
sudo apt-get-rekt