Block email faking to be from our domain but coming from outside?

Remco Barendse mailscanner at barendse.to
Fri Jun 8 12:18:02 UTC 2018


Thanks for your reply!  These are not bulk spam messages, I'm talking 
carefully engineered tailor made messages from someone imposing to be 
myself and trying to persuade someone in finance to make a payment or 
change bank details.

That's why I would like to explore options to flag those messages. If 
mail arrives from outside and our domain name is in the From: address 
something is terribly wrong :)

I don't think SpamAssassin would help much in that case?


On Fri, 8 Jun 2018, David Jones via MailScanner wrote:

> On 06/08/2018 04:35 AM, Remco Barendse wrote:
>> See more and more messages incoming with fraud attempts. The mail is 
>> constructed to look like from someone in our organization sent it and is 
>> addressed to people within the organization.
>> 
>> Is there any way to block email with a sender that pretends to be coming 
>> from @myowndomain.com but coming from outside?
>> 
>> I use Exchange and all real email is coming only from Exchange, never from 
>> outside.
>> 
>> What would be the right way to do it?
>> 
>> 
>> 
>> Also, some companies sign incoming email messages with a one liner as the 
>> very first line of an email like :
>> "THIS EMAIL ORIGINATED FROM OUTSIDE OUR ORGANIZATION"
>> 
>> How to do that ? I found that MailScanner can sign messages but only at the 
>> bottom of an email?
>> 
>> 
>
> This might be a better question for the SpamAssassin Users list but I can 
> help anyway.  Please post an example with minimal redacting to pastebin.com 
> and send us a link.  There are about a dozen or two things that that can be 
> tuned in SpamAssassin but I have a feeling that you can use the Message-ID 
> header to determine spoofed inbound messages.
>
>


More information about the MailScanner mailing list