Muri
New Contributor II

Fortimail - SPAM mails - how to avoid such messages

 

Hello,

Can anyone suggest how to avoid such similar SPAM messages?

2024-05-06_14h55_27.png

2024-05-06_14h58_56.png

AEK
SuperUser

Hi Muri

In your AntiSpam profile have you enabled FortiGuard filter with URL category "default"? If you did it already then the above mails could be legitimate mails (not categorized as SPAMs). In that case you can deny them with blocklist.

Muri
New Contributor II

Hello @AEK 
Yes, we set the URL category ourselves and also picked more categories than are included in the "default" profile:

2024-05-07_07h41_19.png

AEK

Then I guess the received mails are not actually spam, or they don't have the spam qualifications. Maybe spear phishing (which is not spam), but you can analyze them deeper and see if they are really so.

As mentioned before, you may still block them with blocklists.

Cajuntank
Contributor II

Adding to what @AEK mentioned, I might also include at least 1 or 2 DNSBL lists in your AntiSpam profile (e.g. zen.spamhaus.org, b.barracudacentral.org, etc.). Also, since the examples you gave are from varied countries, do you typically receive email from said countries or other countries in general? You can look at implementing Geo IP blocking as an additional option if this is applicable.

 

https://community.fortinet.com/t5/FortiMail/Technical-Tip-How-to-block-incoming-emails-from-some-cou...

 

The example shown applies to the Access Control policy, or you can do it at the IP Policy instead... each has their slight pros and cons. For me, the IP Policy was recommended to me by Fortinet support, and since I receive email from very few countries outside of the USA, I built an Allowed_Countries policy (Inbound Session) to be on top with a few countries defined, then a policy under it called Blocked_Countries that had all countries with policy set to reject.
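Added example, not part of the thread and not FortiMail configuration: a dry run of the two-policy layout described above against a constructed sender history, to see which wanted senders a country allow-list would reject before it is enforced. The country codes, IP addresses, top-down first-match evaluation and accept-on-no-match fallback are assumptions made for the illustration.

```python
from collections import Counter

ALL = "*"  # wildcard meaning "every country"

# Ordered top-down like the two policies in the post; first match wins (assumed).
# The allowed country codes are hypothetical.
POLICIES = [
    {"name": "Allowed_Countries", "countries": {"US", "CA", "DE"}, "action": "accept"},
    {"name": "Blocked_Countries", "countries": {ALL}, "action": "reject"},
]

# Constructed history: (client IP, GeoIP country, was the mail wanted?)
HISTORY = [
    ("192.0.2.10", "US", True),
    ("192.0.2.44", "DE", True),
    ("198.51.100.7", "BR", False),
    ("198.51.100.9", "VN", False),
    ("203.0.113.5", "SI", True),
    ("203.0.113.80", "IN", False),
]

def evaluate(country, policies):
    """Return (policy name, action) of the first policy matching the country."""
    for policy in policies:
        if ALL in policy["countries"] or country in policy["countries"]:
            return policy["name"], policy["action"]
    return None, "accept"  # nothing matched: fall through (assumed default)

def dry_run(history, policies):
    """Count outcomes and list wanted senders the policy set would reject."""
    outcomes, false_rejects = Counter(), []
    for ip, country, wanted in history:
        _, action = evaluate(country, policies)
        outcomes[action] += 1
        if wanted and action == "reject":
            false_rejects.append((ip, country))
    return outcomes, false_rejects

if __name__ == "__main__":
    outcomes, false_rejects = dry_run(HISTORY, POLICIES)
    print("as ordered:", dict(outcomes), "wanted but rejected:", false_rejects)
    # Reversed order: the catch-all reject shadows the allow list entirely.
    print("reversed:", dict(dry_run(HISTORY, POLICIES[::-1])[0]))
```

Any sender listed as wanted but rejected is a country to add to the allow list, or a reason to rely on blocklists instead, before the reject policy goes live.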

 

Muri
New Contributor II

Hello @Cajuntank 

We already use a list of 10 DNSBL providers:

2024-05-07_07h46_34.png

The Geo IP blocking sounds like a good idea in this case. Maybe we can try this, yes.
