Sophos Ideas / SG UTM

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

← SG UTM

spoof attack

Working with Sophos support (case 5397031), the current product is not able to stop a spoof attack in which the "envelope from" is valid but the body sender address is spoofed as an internal address.

SPF checks are not effective in this scenario and the message is delivered.

30 votes
Sign in
(thinking…)
Sign in with: Facebook Google Log in with your Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Jon Camp shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

6 comments

Sign in
(thinking…)
Sign in with: Facebook Google Log in with your Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Bill Galeckas commented  ·   ·  Flag as inappropriate

    Opened a ticket for this exact issue! #112794

    This should be built -in functionality to check the "Display From" against the "Mail From" and tag it as spam if different.

  • Jakir Hussein commented  ·   ·  Flag as inappropriate

    I agree to Jon Camp. Even we were victim of spoof email attack, where due to strict spf checks failure we recieved spoof emails having email address from address as our internal users.
    sophos has to consider this issue seriously and come up with strict spf checks option

  • Adrian commented  ·   ·  Flag as inappropriate

    Our organisation has been impacted by these types of messages as well. Would like to see what solution can be provided.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This may be difficult as there is a reasonable possibility of false positives. As this type of email is almost certainly spam, perhaps weighting the spam score when this condition occurs is a good way to address it?

  • Russell Youngs commented  ·   ·  Flag as inappropriate

    [#5906399] Spoofed email us as well. Spear phish to one internal user and passes SPF and greylisting retry is successful. It seems a message attribute checking might be needed.

SG UTM: Mail Protection

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.