Forum Discussion

dgillespie-adf's avatar
dgillespie-adf
Brass Contributor
Aug 26, 2020

Block Display Name Spoof in EAC

I'm sure we are all dealing with a tremendous uptick in spam/spoof since Covid so what I am looking to do is combat the Display Name spoof.  The typical scenario is a bad actor sends from a gmail account but changes the display name to one of our execs.  Even though we train users on this and have the "Caution, external email" flag it still eats up time with chaos depending on how many are received.

 

What I would like to do is this: tell exchange to look at the display name and if it is one that I have flagged (one of the execs who gets spoofed a lot) it will only allow the email if it has our domain in the email id - all other domains will be blocked.

 

Is this possible?  Thanks in advance!

  • You can try a mail flow rule, although there is no "display name" condition available, so you'll have to go with "header matches" or similar. 

  • You can try a mail flow rule, although there is no "display name" condition available, so you'll have to go with "header matches" or similar. 

      • Vaman-Kini's avatar
        Vaman-Kini
        Brass Contributor

        dgillespie-adf   I have had success with the Impersonation policy under phishing wherein we tested with <Myname> myname@domain.com added to the list of users to protect and send an email from  <Myname> xyz@somedomain.com . The policy detected it to be impersonation. 

         

        I wanted to test this safely with the Senior management email address and trying figure out a safe way to do that.  documentation is here 

Resources