Hi We are receiving some spam with a double "from address" and Fortimail can´t block all, just some of this by black ip or similar Like this: (Protected and valid domain) (Fake sender) from:"local-account@domain..." <mike.richardson@domain...> What´s the best way to block this issue? Thanks for all the help! ------------------------------ Chris
Hi Chris
there's something wrong in your description.
You're seeing the "From:" field as printed by a MUA (Outlook or whatever)
<mike.richardson@domain...> it is not the 'fake' sender; according to RFC, that's the actual sender.
"local-account@domain..." between quotes is just a string, aka your name or mine enclosed by quotes; there's nothing related to your protected domain;
Those emails are coming frequently nowadays, used as vectors for pishing, or attachments hiding nemotet threat variants.
The best approach imho is adjust to antispam/antivirus profiles, hardening pishing detection, (and activate sandboxing if you have license for that);
Those tools detects and stops those threats,
regards
__ Abel
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.