Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Chr15
New Contributor

Created on ‎02-13-2019 10:00 AM

How should block a incoming double from address

Hi We are receiving some spam with a double "from address" and Fortimail can´t block all, just some of this by black ip or similar Like this:         (Protected and valid domain)            (Fake sender) from:"local-account@domain..."  <mike.richardson@domain...> What´s the best way to block this issue? Thanks for all the help! ------------------------------ Chris

1736
0 Kudos
1 REPLY 1
abelio
Valued Contributor

Created on ‎02-19-2019 01:56 PM

Hi Chris

there's something wrong in your description.

 

You're seeing the "From:"    field  as printed by a MUA (Outlook or whatever)

 

<mike.richardson@domain...>  it is not the 'fake' sender; according to RFC, that's the  actual sender.

 

"local-account@domain..."  between quotes is just a string, aka your name or mine enclosed by quotes; there's nothing related to your protected domain;

 

Those emails are coming frequently nowadays,  used as vectors for pishing, or attachments hiding nemotet threat variants.

 

The best approach imho is adjust to antispam/antivirus profiles, hardening pishing detection, (and activate sandboxing if you have license for that);

Those tools detects and stops those threats,

 

 

 

 

regards


__ Abel

723
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.