To avoid spoofing of your own domains and these so-called CEO frauds and other variants, VIPRE Email Security suggests setting up an Advanced policy using a Data List which includes IPs allowed to send on behalf of the domain(s).
This is how to create a Data List of IPs
1. Login to the VIPRE Email Security portal
2. In the menu, click on Policies > Data list
3. In the field Add new data list, choose the name for the list ( ex.'Permitted IPs') and press the '+' button
4. Press the Modify button to the right for the list you just created
5. Enter all the IPs which should be allowed to send on behalf of a customer's domain including legitimate 3rd party Spoofs like MailChimp, Constant Contact, or Campaigner, don't forget to include the customer's own IPs.
Note: IPs can be entered as single or as CIDR, one entry per line.
This is how you apply the filter policy for a user:
1. Login to the VIPRE Email Security Portal
2. In the menu to the left, click on 'Policies' followed by 'Advanced Policies'
3. Press the 'Create Policy' button
4. Name the Policy (we would suggest using a naming convention which describes the issue at hand)
5. Select 'Applies to inbound Mail'
6. Enabled for All Domains.
7. Create the following Rule:
If "Sender's Domain", "Contains one of my domains"
AND "IP Address" is "not in list", select the 'Permitted IPs' list you created from Drop down.
8. Select an Action to be completed such as Quarantine etc.
9. Added the Action then select create policy
Done! Once this has been created, it will block spoofed e-mail. Just remember to keep the data list up to date yourself, otherwise the policy will catch false positives.
If you would like the users to be able to release the emails from the quarantine report, then don't forget to tick the box off saying 'Allow user access to quarantined messages' under the 'quarantine message'-action.
Carlos Rios
Comments