12-01-2014 12:26 AM
Hi,
I am facing the problem of receiving fake emails that have from address look quite the same as my domain.
For example lets say my domain is test.com. Lately I have received faked email destined to valid users of my domain having as senders users of domains that change with one or two letters from my domain, making the user believing he is receiving mails from inside the domain and replying back. Here are some example:
from: validuser1@testt.com
to: validuser2@test.com
from: validuser1@test2.com
to: validuser2@test.com
from: validuser1@ttest.com
to: validuser2@test.com
Is there any solution based on message filters ( + regular expression) that will quarantine emails that look quite the same as a given domain?
Thx,
Ardi
Solved! Go to Solution.
12-02-2014 06:20 AM
Good. We were on the same page with the filter layout. For me, I just wanted to aim and make sure that the domains would be detected as needed. But - as stated, with the regex, it grabs full domains aside for your own domain.
-Robert
12-02-2014 05:52 AM
Could you not just add in the faux domains to your blacklist?
If not - using a message filter - you could do something similar to this:
quarantine_not_my_domain:
if (mail-from == "(?i)@(test)\\.com$"){
skip-filters();
}
else {
if (mail-from == "(?i)@(testt|test2|ttest)\\.com$"){
quarantine('Policy');
}}
.
-Robert
12-02-2014 06:01 AM
Hi Roberts,
Thx for the reply.
Yes blacklist is an option but has to be done for every domain.
Your script works for only some combinations. I did a little research on regular expression and made the message filter.
quarantine_obfuscations_to_test:
12-02-2014 06:20 AM
Good. We were on the same page with the filter layout. For me, I just wanted to aim and make sure that the domains would be detected as needed. But - as stated, with the regex, it grabs full domains aside for your own domain.
-Robert
12-02-2014 06:24 AM
Yes and script might quarantine valid domain also. Maybe i should narrow the filter to fewer domains.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide