04-20-2021 11:46 AM
We have a Dictionary setup with all of our Executives on it to protect us from receiving emails from people pretending to be our executives and this works great. I was wondering if it would be possible to do something like this with all users in our GAL? We sync with LDAP but I haven't been able to figure out a way to create a rule with this information? Is it possible?
Right now the Executives are added to a Dictionary and then associated with an Incoming Content Filter
Any advice would be greatly appreciated
Thank you
Jessie
Solved! Go to Solution.
04-20-2021 01:02 PM
04-20-2021 12:19 PM
How many users would you have in your GAL ?
This defines your options.
04-20-2021 12:41 PM
We have approximately 3500 Email Users.
04-20-2021 01:02 PM
04-20-2021 02:07 PM
My thought was maybe I should at least add Director or Manager and above to a dictionary.
Just wanted to be sure I wasn't missing something obvious
04-21-2021 04:25 AM
You did all right
05-03-2021 12:47 PM
The idea of FED is to protect employees of spoofed high level persons in the same organization - those are people with authority and are authorized to give orders out, including financial ones. So FED is comparing the username part of the email address for similarity with records defined in a dictionary. When you put too many names in that dictionary though, you'll most likely start receiving false positives, and will have many high level people frustrated.
That's the reason why it is not a good strategy to use FED for a big group of people.
Instead an anti-spoofing message filter can be (if it's not yet) configured to do something else - to compare the envelope sender and the From header and most specifically the domain part of them with a dictionary in which your own domains are defined. If such email is not coming from your internal mail server such "spoofed" emails should be dropped in general.
Another thing that can be done is to configure a filter which will check the if the message are coming from authorized servers (SPF check) or if they are signed properly (DKIM) by their senders.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide