Forged Email and Spoofed Email

Navar
Level 1

I created a spoofed email policy per this KB https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200166-Quarantine-Spoofed-Email-Messages-on-the.html

And so far it is working. But how is spoofed email different from forged email?

Can you have both enabled at the same time?

Is one better than the other?

1 Reply

dmccabej
Cisco Employee

Hello,

Forged Email Detection (FED) is used to compare the Display Name within the From header against a dictionary of names. It uses a fuzzy matching type algorithm for the comparison, provides a score, and then action is taken based on that verdict. The article in question allows you to create a filter that checks against the actual domain within the From header vs. just the Display Name. The filter is/was actually what we recommended prior to FED being implemented in AsyncOS. I would say that when set up correctly both can work very well together.

Thanks!

-Dennis M.
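The two checks described in the reply above, side by side, as an added example that is not part of the original thread and is not Cisco's implementation. Python's `difflib` stands in for FED's fuzzy matching; the names, domains, threshold and function names are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data (assumptions, not from the thread or from AsyncOS).
PROTECTED_NAMES = ["Jane Alvarez", "Robert Chen"]  # display-name dictionary
OWN_DOMAINS = {"example.com"}                      # domains the organization owns
THRESHOLD = 0.85                                   # hypothetical similarity cut-off


def _norm(name):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(name.lower().split())


def display_name_score(from_header):
    """Best fuzzy similarity (0..1) of the display name against the dictionary."""
    display, _addr = parseaddr(from_header)
    if not display:
        return 0.0
    return max(SequenceMatcher(None, _norm(display), _norm(n)).ratio()
               for n in PROTECTED_NAMES)


def from_domain(from_header):
    """Domain part of the address in the From header, lower-cased."""
    _display, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_inbound(from_header):
    """Return which of the two checks a message arriving from outside trips."""
    hits = set()
    # Domain check: mail from the internet claiming one of our own domains.
    if from_domain(from_header) in OWN_DOMAINS:
        hits.add("spoofed-domain")
    # Display-name check: name resembles a protected person, any domain.
    if display_name_score(from_header) >= THRESHOLD:
        hits.add("forged-display-name")
    return hits


if __name__ == "__main__":
    for hdr in ('"Jane A1varez" <ceo@example.net>',
                '"IT Support" <helpdesk@example.com>',
                '"Jane Alvarez" <jane.alvarez@example.com>',
                '"Bob Miller" <bob@example.org>'):
        print(f"{hdr:45} -> {sorted(classify_inbound(hdr))}")
```

The first sample is caught only by the display-name check and the second only by the domain check, which is why the two are complementary.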