02-16-2023 12:08 PM
Hi,
I have more and more often a legitimate domains whichs is compromised.
These domains have never been used to send email to my company before.
Now attacker sends email from theses domains with a phishing link to me.
Cisco security proxy did not detect that was a phishing email, but it is an other problem.
Is there a way to make a special treatment on Cisco ESA with these "new incomming senders" like put a special header message to users ?
The obvious solution is to create a content filter with a list of exclusions for top known domains, but it seems hard to keep up to date and dirty.
02-16-2023 12:23 PM
02-22-2023 10:36 AM
You could take a look at the senderbase reputation score (https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117919-technote-cdc-00.html) And make an Content filter for certain range of score, so you could add and disclaimer text to the emails.
03-02-2023 02:23 AM
Thanks for your answers.
Yes It could be smart to add a disclaimer for "poor" reputation.
Unfortunatly I still have users who opened clearly bad attachments with a disclaimer message ...
For the SBRS is there a view to see the distribution of this score. There is for the domain reputation score but not for SBRS.
I need to know what percentage of my incoming mails will be affect by the disclaimer.
Guillaume
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide