Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

How should block a incoming double from address

Hi We are receiving some spam with a double "from address" and Fortimail can´t block all, just some of this by black ip or similar Like this:         (Protected and valid domain)            (Fake sender) from:"local-account@domain..."  <mike.richardson@domain...> What´s the best way to block this issue? Thanks for all the help! ------------------------------ Chris


Hi Chris

there's something wrong in your description.


You're seeing the "From:"    field  as printed by a MUA (Outlook or whatever)


<mike.richardson@domain...>  it is not the 'fake' sender; according to RFC, that's the  actual sender.


"local-account@domain..."  between quotes is just a string, aka your name or mine enclosed by quotes; there's nothing related to your protected domain;


Those emails are coming frequently nowadays,  used as vectors for pishing, or attachments hiding nemotet threat variants.


The best approach imho is adjust to antispam/antivirus profiles, hardening pishing detection, (and activate sandboxing if you have license for that);

Those tools detects and stops those threats,






/ Abel

regards / Abel

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors