Spoof IP dictionary question
I'm trying to setup a filter and corresponding dictionaries for a client getting way more spoofed emails recently than before. I've setup the filter using the To and From conditions using a dictionary with their valid email domains (following this guide - https://www.sonicwall.com/support/knowledge-base/how-to-block-a-spoofed-spam-with-the-same-from-and-to-email-address-using-our-custom-policy-filter/170504382082588/). I added a condition for Source IP - is not - use dictionary with IPs listed from MailChimp, SalesForce and other mailing services the client uses, but it's still sending the emails to the users' junk boxes. Can I use CIDR format in the dictionary for the valid IP dictionary? I haven't been able to find an article with a definitive answer. Thanks for your help!
The requirement must be met by adding a policy filter with unique parameters from the header of the email that you received. If you still require assistance, please let us know so that we can open a technical support case and assist you.
@david_2221 my Spoofing Filter looks for "From & MAIL FROM" against a dictionary, similar to the KB-article. As additional condition you could check against "Source IP" to whitelist your bulk mail senders, but no CIDR support which is painful.
Works as intended.