Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Spoof IP dictionary question


I'm trying to setup a filter and corresponding dictionaries for a client getting way more spoofed emails recently than before. I've setup the filter using the To and From conditions using a dictionary with their valid email domains (following this guide - I added a condition for Source IP - is not - use dictionary with IPs listed from MailChimp, SalesForce and other mailing services the client uses, but it's still sending the emails to the users' junk boxes. Can I use CIDR format in the dictionary for the valid IP dictionary? I haven't been able to find an article with a definitive answer. Thanks for your help!


Category: Email Security Software


  • Options
    SamHSamH SonicWall Employee

    The requirement must be met by adding a policy filter with unique parameters from the header of the email that you received. If you still require assistance, please let us know so that we can open a technical support case and assist you.

  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    @david_2221 my Spoofing Filter looks for "From & MAIL FROM" against a dictionary, similar to the KB-article. As additional condition you could check against "Source IP" to whitelist your bulk mail senders, but no CIDR support which is painful.

    Works as intended.


Sign In or Register to comment.