Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1933
Views
5
Helpful
3
Replies

Content filter for not matching headers

zheka_pefti
Level 2
Level 2

‎04-14-2021 01:12 PM

Hello,

Can anyone give me an idea or an advice on how to create a content filter within email security to mark or quarantine emails with non matching from headers. For example, I want to identify emails where I see these not matching headers:

 

Message 4004646 Domains for which SDR is requested: reverse DNS host: host60.mambonetcom.com, helo: host60.mambonetcom.com, env-from: dominionlendingnews.ca, header_from: hotmail.com, reply_to: hotmail.com


As you see, env-from is different from header_from. Also, I don't mind comparing it with reply_to as well

Labels:
3 Replies 3

zheka_pefti
Level 2
Level 2

‎04-16-2021 08:38 AM

Anyone, anything ? .....

0 Helpful

marc.luescherFRE
Spotlight
Spotlight
In response to zheka_pefti

‎04-20-2021 12:09 PM

I spent weeks getting this to work and have written about it on my blog.

My current solution is not working 100% but gives you at least some alerts.

0 Helpful

svgeorgi
Cisco Employee
Cisco Employee

‎05-03-2021 01:13 PM

There are few enhancement requests already filed for the same:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb97836

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCum25300

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv12332

Unfortunately, none of them have been implemented yet.

You can subscribe for them in case got implemented actually.

0 Helpful
Customers Also Viewed These Support Documents