Spoof IP dictionary question

Hello,

I'm trying to set up a filter and corresponding dictionaries for a client getting way more spoofed emails recently than before. I've set up the filter using the To and From conditions using a dictionary with their valid email domains (following this guide - https://www.sonicwall.com/support/knowledge-base/how-to-block-a-spoofed-spam-with-the-same-from-and-to-email-address-using-our-custom-policy-filter/170504382082588/). I added a condition for Source IP - is not - use dictionary with IPs listed from MailChimp, SalesForce and other mailing services the client uses, but it's still sending the emails to the users' junk boxes. Can I use CIDR format in the dictionary for the valid IP dictionary? I haven't been able to find an article with a definitive answer. Thanks for your help!


david.

Category: Email Security Software

Answers

  • SamH, SonicWall Employee

    The requirement must be met by adding a policy filter with unique parameters from the header of the email that you received. If you still require assistance, please let us know so that we can open a technical support case and assist you.

  • BWC, Cybersecurity Overlord ✭✭✭

    @david_2221 my Spoofing Filter looks for "From & MAIL FROM" against a dictionary, similar to the KB article. As an additional condition you could check against "Source IP" to whitelist your bulk mail senders, but there is no CIDR support, which is painful.

    Works as intended.

    --Michael@BWC
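
Because the Source IP dictionary has no CIDR support, as the answer above notes, one workaround is to expand each sender range into single addresses before loading them. This is an added example, not part of the original thread and not SonicWall code; it assumes the dictionary takes one IPv4 address per line, the ranges are constructed documentation addresses, and `MAX_ADDRESSES` is a hypothetical cap.

```python
import ipaddress

# Constructed sample input: documentation ranges (RFC 5737), not real sender IPs.
SAMPLE_ENTRIES = """
# bulk sender A (constructed)
192.0.2.0/29
192.0.2.4/30
198.51.100.17
# bulk sender B (constructed)
203.0.113.0/24
not-an-ip
"""

MAX_ADDRESSES = 4096  # hypothetical cap so one large range cannot bloat the dictionary


def expand_entries(text, max_addresses=MAX_ADDRESSES):
    """Return (sorted list of single IPv4 addresses, list of rejected lines)."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 192.0.2.5/29
            networks.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(line)  # report bad lines instead of skipping silently
    # Merge overlapping and adjacent ranges so no address is emitted twice.
    collapsed = list(ipaddress.collapse_addresses(networks))
    total = sum(net.num_addresses for net in collapsed)
    if total > max_addresses:
        raise ValueError(f"{total} addresses exceeds cap of {max_addresses}")
    # Iterate the network itself (not hosts()) so every address in a
    # published sender range is listed, including the first and last.
    addresses = [str(ip) for net in collapsed for ip in net]
    return addresses, rejected


if __name__ == "__main__":
    ips, bad = expand_entries(SAMPLE_ENTRIES)
    print("\n".join(ips))
    for entry in bad:
        print(f"rejected: {entry}")
```

Review the rejected lines and the total count before importing; a wide range from a shared mailing service allowlists every tenant that sends from it.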
