2 Replies Latest reply: Mar 2, 2013 4:49 AM by Attila Polinger RSS

    Blocking email with both sender&recipient domain same as internal domain (EWS 5.6)

    mjmurra

      Say you have OrganisationA.com , if an email comes from external with the sender address of fred@organisationA.com, and it is addressed to john@organisationA.com what is the best way to block this?

       

      Best way so far I've worked out is to create a policy looking for *@organisationA.com in both the sender/recipient addresses, then using a blacklist in that policy for *@organisationA.com to then quarantine it.

       

      Doesn't seem the best way. Any other suggestions?

        • 1. Re: Blocking email with both sender&recipient domain same as internal domain (EWS 5.6)
          ews_crusader

          Helo,

           

          go to email -> email configuration -> receiving email -> permit and deny lists -> Permitted and blocked senders

           

          put your internal email server ip to "permitted senders"

           

          and your Domain into "blocked senders"

           

          Emails from senders / networks / domains in this list are always refused unless overridden by an entry in the permitted senders list.

           

           

          • 2. Re: Blocking email with both sender&recipient domain same as internal domain (EWS 5.6)
            Attila Polinger

            Hello,

             

            a possible alternative to Permitted/Denied Senders/IPs is to make use of SPF filtering in sender authentication section of the policy you use for filtering inbound email primarily. This also implies having a what is called SPF TXT record in your DNS server facing the internet. In this SPF record your organization would list what IP/domain is permitted to send mail on your behalf. Once that is in place, you can activate the SPF filtering in the email filtering policy.

             

            SPF filtering is otherwise useful if you do not have your own SPF TXT record, because many organizations out there do, and you can filter mail with fake senders from those organizations.

             

            Attila