Anti SPAM not able to block masquerad email
We found this and not sure anyone come across on this issue.
We received a lot spam emails but were not detected/prevented by WG. When we investigate with the logs, we found those "actual senders" domain are in clean/good reputation and hence emails not blocked. Another issue we noticed, those emails appeared to recipient are same domain with company domain but actual senders are not when we look at history logs.
looking solution and thanks in advance if anyone do have any suggestion or solution to improve on WG anti-spam
0
Sign In to comment.
Comments
Review this:
How to prevent spoofed email messages from your own domain with the SMTP Proxy
https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000UUadKAG&lang=en_US
Also consider setting up SPF, DKIM, and DMARC on your email server to help prevent spoofing of your domain. It helps your server as well as helping anyone who receives your email to determine its legitimacy.
Gregg Hill
@Greggmh123
We create SPF record but the SPF records allowed our firewall IP because our email hosted at cloud. It will always allowed email from our firewall IP if WG are not performed well at anti-spam.
@Bruce_Briggs
hmm...will give a try.
I assumed from your "We received a lot spam emails but were not detected/prevented by WG" comment that you were running your own SMTP email server behind the WatchGuard firewall and that the SpamBlocker UTM service was not catching it. What protocol are you using to get email from the cloud server?
Where is is your email "hosted at cloud"? You still should set up SPF, DKIM, and DMARC to help prevent spoofing of your domain. Then have your cloud email server make SPF, DKIM, and DMARC checks on all incoming email. Same thing if it were an on-premise mail SMTP server.
I don't understand what you mean by, "It will always allowed email from our firewall IP if WG are not performed well at anti-spam."
Gregg
Gregg Hill