03-02-2018 01:46 AM - edited 03-08-2019 07:34 PM
Hello all
We have a problem that we get emails from external spam, where the name is from our CEO but the email address does not match.
Like an email from "Manuel Wurst <spamadress@russkieo.org>", correct should be "Manuel Wurst <manuel.wurst@correct.com>"
Can somebody give me a hint how to check and compare this?
Thank you and greetings from Austria
Wolfgang
03-02-2018 04:26 AM
Hi,
You can configure filters on the ESA to look for specific content (in this case the name of the CEO) within the From header. For multiple names you could also use dictionaries with names of all executives.
For the content filter, set the condition to Other Header, the value as per your requirement, and the action to quarantine. The filter can then be enabled on an incoming mail policy to check inbound emails.
Starting with AsyncOS 10, a new feature, forged email detection, was added, which helps detect fraudulent messages with a forged sender address (From: header) and perform actions on such messages.
This functionality and its configuration are explained in the end user guide below:
Chapter 22 (Page 22-41)
https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa10-0/ESA_10-0_User_Guide.pdf
Regards,
Libin Varghese
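The check described in this reply (match an executive's name in the From header, then compare the address), sketched in Python as an added example; it is not part of the original posts, not Cisco code, and not ESA filter syntax. The `EXECUTIVES` dictionary and the function names are assumptions, and the sketch goes slightly beyond the thread by also handling "Last, First" ordering and RFC 2047-encoded display names.

```python
import re
from email import policy
from email.parser import HeaderParser

# Assumed dictionary: executive display name -> addresses they legitimately use.
EXECUTIVES = {"Manuel Wurst": {"manuel.wurst@correct.com"}}


def _name_key(display_name):
    """Lower-case, drop punctuation, sort tokens so 'Wurst, Manuel' == 'Manuel Wurst'."""
    return " ".join(sorted(re.findall(r"[^\W\d_]+", display_name.lower())))


_EXEC_KEYS = {_name_key(name): addrs for name, addrs in EXECUTIVES.items()}


def forged_executive_from(raw_headers):
    """Return (display_name, address) when From: carries an executive's name
    with an address outside the allowed set, otherwise None."""
    # policy.default decodes RFC 2047 encoded words in the display name.
    msg = HeaderParser(policy=policy.default).parsestr(raw_headers)
    from_hdr = msg["From"]
    if from_hdr is None:
        return None
    for mbox in from_hdr.addresses:
        allowed = _EXEC_KEYS.get(_name_key(mbox.display_name or ""))
        addr = mbox.addr_spec.lower()
        if allowed is not None and addr not in allowed:
            return (mbox.display_name, addr)
    return None


if __name__ == "__main__":
    # Constructed sample headers; the first two use the addresses from the question.
    samples = [
        "From: Manuel Wurst <spamadress@russkieo.org>\nSubject: urgent\n\n",
        "From: Manuel Wurst <manuel.wurst@correct.com>\nSubject: hello\n\n",
        'From: "Wurst, Manuel" <ceo@example.net>\nSubject: payment\n\n',
        "From: =?utf-8?q?Manuel_Wurst?= <x@example.net>\nSubject: wire\n\n",
    ]
    for raw in samples:
        hit = forged_executive_from(raw)
        print("QUARANTINE" if hit else "deliver", hit)
```

Matching on the display name alone still misses lookalike spellings, so a check like this complements the appliance's own forged email detection and does not replace it.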
03-02-2018 04:37 AM