If you’re getting mail from outside sources pretending to be on your domain, you can create a Mail Flow Rule to manage messages that say they are from your domain but really aren’t.
- Log in to the ECP and go to Mail Flow > Rules, then click New (+)
- Click “more options…”
- You want to add two conditions under “Apply this rule if”:
  - The sender domain is ‘yourdomain.com’
  - The sender location is from outside of the company
- You can treat mail that triggers those two conditions any way you’d like. For my guys, I just put [POSSIBLE SPAM] in front of it and let them hash it out. Maybe you don’t trust your security as much as we do and you’d like to delete it right away or open a service ticket; it’s up to you.
Here’s a screenshot:
How to test this thing out
Well, if you’d like, you can send a spoofed email yourself. Do you have a discovery server in place? Or something with SMTP in place? If so, you can use this script here to send a mail using your domain from a server that’s outside of your company. It should trigger.
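```powershell
# From address on your own domain (the address being spoofed)
$MyEmail = "bob.smith@yourdomain.com"
# SMTP server that sits outside of your company
$SMTP    = "discovery.yoursmtpserver.com"
# Real mailbox inside your company that should receive the test
$To      = "real.user@yourdomain.com"
$Subject = "Test Spoof Email"
$Body    = "This is a test email using a domain spoof."
#$Creds = (Get-Credential -Credential "$MyEmail")
Start-Sleep 2
Send-MailMessage -To $To -From $MyEmail -Subject $Subject -Body $Body -SmtpServer $SMTP -Port 25 -DeliveryNotificationOption Never
```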
Otherwise you may just have to wait for it to trigger in production. In the meantime, you can add another action and tell it to email you as well. That way you’ll catch them going to the customers you support.
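The same rule as the ECP steps above, written for the Exchange Management Shell, with the extra "email me as well" action from the last paragraph. This is an added example, not part of the original post; the rule name and the notification mailbox are hypothetical placeholders, and the commented-out exception is an optional assumption for senders you know are legitimate.

```powershell
# Added example: run in the Exchange Management Shell or an Exchange Online
# PowerShell session. Values marked "placeholder" are assumptions.
$RuleName   = "Flag external mail claiming our domain"  # placeholder rule name
$OurDomain  = "yourdomain.com"                          # domain used in the post
$NotifyAddr = "mailadmin@yourdomain.com"                # placeholder mailbox

$Settings = @{
    # Condition 1: "The sender domain is 'yourdomain.com'"
    SenderDomainIs = $OurDomain
    # Condition 2: the sender is located outside of the organization
    FromScope      = "NotInOrganization"
    # Action from the post: tag the subject and let the recipient decide
    PrependSubject = "[POSSIBLE SPAM] "
    # Extra action: copy the admin so hits are noticed while you wait for one
    BlindCopyTo    = $NotifyAddr
    Comments       = "Tags mail that claims $OurDomain but arrives from outside"
    # Optional (assumption): exempt an outside service that legitimately sends
    # as your domain. 192.0.2.10 is a documentation-range placeholder.
    # ExceptIfSenderIpRanges = "192.0.2.10"
}

# Update the rule if it already exists, otherwise create it, so the script
# can be re-run without producing duplicate rules.
if (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $RuleName @Settings
} else {
    New-TransportRule -Name $RuleName @Settings
}

# Confirm what was stored before sending the test message.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, SenderDomainIs, FromScope, PrependSubject, BlindCopyTo
```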