June 11, 2021

How can i prevent phishing from domain spoofed external mails with a Security Email Gateway?

Hi,

first of all im new into cybersecurity & im new in this sub.

Our company is facing high throughput of phishing mails from *outlook.com & *hotmail.com. Our Security Email Gateway is a FortiMail which normally works fine. I saw a lot of help through google but they always affect the internal domain address spoofing. Like “Oh an important email from my Boss Mr. X” *click* (The gateway will compare the email header with the name of the boss) but this doesn’t fit on external senders.

I also cant blacklist these 2 domains because there also come serious mails from them sometimes.

Greylisting also didn’t work, a phishing mail was send 15min later again. Maybe greylisting is also kinda outdated.

The full phishing addresses look like [email protected]*. Addresses are changing, IPs are changing and content also. Its really annoying and just a matter of time when a co-worker *clicks* and enters credentials.

​

Maybe some guys of you can give me advice. Greetings.

Additional info: 80% of the phishing mails go to inactive accounts (reject), how ever… other 20% addressing active accounts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.