Link to home
Start Free TrialLog in
Avatar of AXISHK
AXISHK

asked on

Fraud Email

We have received several email that the Display name is our company user but the actual email address is from external email. Is there any application that can identify this kind of emails ?

In outlook, is it possible to show the display name as well as the actual email address where the email is coming from ? Again, any solution to block this type of email.

Thx
Avatar of Bhushan Gaikwad
Bhushan Gaikwad

hello sir
use exchange message tracking
You can often hover over the email address and see the actual sending domain (not yours).

Make sure you have a Top Notch spam filter. These should really not be coming in. Your spam filter definitely needs improvement.
Avatar of masnrock
The moment you open a message, Outlook shows the email address of the user if it did not originate from inside the organization.

You have choices....

1) You could create a transport rule where you tag all emails from outside of the company (i.e. appending [EXTERNAL] to the front of messages not from servers allow to send messages as an internal user)
2) Automatically block messages that show the from field as an internal email address, but originates from outside of the organization (bear in mind that you have to be VERY careful with this is you have a cloud based service that sends emails as an internal address)

Also, have you made sure that accounts from your organization aren't being compromised?
In outlook, is it possible to show the display name as well as the actual email address where the email is coming from ? Again, any solution to block this type of email.
Yes, but it is not as straightforward as you might think. I have used these steps listed in the list below before. Give it a read through and let me know if anything is unclear.
https://www.howto-outlook.com/howto/viewsenderaddress.htm
SOLUTION
Avatar of John
John
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I would also recommend you check your Mail Relay. Seems you have an open relay
Additionally, try installing Message Header Analyzer in Outlook from Office Store. It can reveal message headers and other details that might be useful in determining the authenticity of the message.
If you have Exchange server, please implement DKIM and install key in your External DNS.
No body will be able to send email again pretending that is coming from your server.
Unless relay is open and it is relayed internally from and infected computer
you can check internet header files from outlook and find the original sender domain (Original IP address), you can block it from EMail Gateway or Edge server (If you have)
You can use dmarc. This will save you.
Avatar of AXISHK

ASKER

Current our setup is

Outgoing : Exchange -> IMSVA -> External mail
Incoming : External mail -> IMSVA -> Exchnage

The fraud email is coming from another domain (say john@yahoo.com) with display name as (May Lee - a valid user name in our organization). Can the proposed solution be blocked in this case.


Thx
Yes. Dmarc will help you in this by identifying from where the email is coming
Avatar of AXISHK

ASKER

Can instruction on setting up the DMARC, should this be setup on my Exchange, or my IMSVA, or both ?

are DKIM and DMARC the same ?

Thx.
Avatar of AXISHK

ASKER

"Automatically block messages that show the from field as an internal email address, but originates from outside of the organization".

Should this be done in Exchange or Trend Micro IMSVA ? Any reference of how to set it up ?

Thx
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
DKIM is electronic seal.
When you install it on your Exchange, then DKIM will generate spacial encrypted key and will put to your all outgoing emails header. Second copy you need to place i your external DNS TXT record.

If you'll send email from your server with DKIM, recipient server will check with your DNS if this KEY is the same. If it is then will process email , if not then will reject it.

No one will send ever any email from different server pretending it's yours
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of AXISHK

ASKER

Thx but how can I put this in my IMSVA gateway... We don't have any extra budget and need to implement by ourselves.
Use the quick record generator if you are going to do that. But DMARC I believe depends on SPF and DKIM, so better be sure to have those straight first.
The site I mentioned is very helpful. Please go through it patiently. It has helped us a lot.
Avatar of AXISHK

ASKER

Thx