Anti SPAM not able to block masquerad email

We found this and not sure anyone come across on this issue.

We received a lot spam emails but were not detected/prevented by WG. When we investigate with the logs, we found those "actual senders" domain are in clean/good reputation and hence emails not blocked. Another issue we noticed, those emails appeared to recipient are same domain with company domain but actual senders are not when we look at history logs.

looking solution and thanks in advance if anyone do have any suggestion or solution to improve on WG anti-spam

Comments

  • Review this:
    How to prevent spoofed email messages from your own domain with the SMTP Proxy
    https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000UUadKAG&lang=en_US

  • Also consider setting up SPF, DKIM, and DMARC on your email server to help prevent spoofing of your domain. It helps your server as well as helping anyone who receives your email to determine its legitimacy.

    Gregg Hill

    Firebox T15/T35-W
    Fireware 12.5.1 build 601804
    WSM 12.5.1 build 601717
    ISP = Spectrum Cable 100 x 10 service
    Management computers: Win 8.1 Pro 64-bit, Win 10 Pro 64-bit, Server 2012 R2

  • @Greggmh123
    We create SPF record but the SPF records allowed our firewall IP because our email hosted at cloud. It will always allowed email from our firewall IP if WG are not performed well at anti-spam.

    @Bruce_Briggs
    hmm...will give a try.

  • @Miaovin said:
    @Greggmh123
    We create SPF record but the SPF records allowed our firewall IP because our email hosted at cloud. It will always allowed email from our firewall IP if WG are not performed well at anti-spam.

    @Bruce_Briggs
    hmm...will give a try.

    I assumed from your "We received a lot spam emails but were not detected/prevented by WG" comment that you were running your own SMTP email server behind the WatchGuard firewall and that the SpamBlocker UTM service was not catching it. What protocol are you using to get email from the cloud server?

    Where is is your email "hosted at cloud"? You still should set up SPF, DKIM, and DMARC to help prevent spoofing of your domain. Then have your cloud email server make SPF, DKIM, and DMARC checks on all incoming email. Same thing if it were an on-premise mail SMTP server.

    I don't understand what you mean by, "It will always allowed email from our firewall IP if WG are not performed well at anti-spam."

    Gregg

    Gregg Hill

    Firebox T15/T35-W
    Fireware 12.5.1 build 601804
    WSM 12.5.1 build 601717
    ISP = Spectrum Cable 100 x 10 service
    Management computers: Win 8.1 Pro 64-bit, Win 10 Pro 64-bit, Server 2012 R2

Sign In to comment.