Hello,
can anyone suggest how to avoid similar SPAM messages like these?
Hi Muri
In your AntiSpam profile have you enabled FortiGuard filter with URL category "default"? If you did it already then the above mails could be legitimate mails (not categorized as SPAMs). In that case you can deny them with blocklist.
Hello @AEK
Yes, we set the URL category ourselves and also picked more categories than are included in the "default" profile:
Then I guess the received mails are not actually spam, or they don't have the spam qualifications. Maybe spear phishing (which is not spam), but you can analyze them deeper and see if they are really so.
As mentioned before, you may still block them with blocklists.
Adding to what @AEK mentioned, I might also add at least 1 or 2 DNSBL lists to your AntiSpam profile (e.g. zen.spamhaus.org, b.barracudacentral.org, etc.). Also, since the examples you gave are from varied countries, do you typically receive email from said countries or other countries in general? You can look at implementing Geo IP blocking as an additional option if this is applicable.
The example shown applies to the Access Control policy, or you can do it at the IP Policy instead; each has its slight pros and cons. For me, the IP Policy was recommended to me by Fortinet support, and since I receive email from very few countries outside of the USA, I built an Allowed_Countries policy (Inbound Session) to be on top with a few countries defined, then a policy under it called Blocked_Countries that had all countries with policy set to reject.
Hello @Cajuntank
We already use a list of 10 DNSBL providers:
The Geo IP blocking sounds like a good idea in this case. Maybe we can try this, yes.