Aug 26 2020 12:44 PM - last edited on Feb 07 2023 07:05 PM by TechCommunityAP
I'm sure we are all dealing with a tremendous uptick in spam/spoof since COVID, so what I am looking to do is combat the Display Name spoof. The typical scenario is a bad actor sends from a Gmail account but changes the display name to one of our execs. Even though we train users on this and have the "Caution, external email" flag, it still eats up time with chaos depending on how many are received.
What I would like to do is this: tell Exchange to look at the display name and if it is one that I have flagged (one of the execs who gets spoofed a lot) it will only allow the email if it has our domain in the email id - all other domains will be blocked.
Is this possible? Thanks in advance!
Aug 27 2020 03:30 AM
Solution: You can try a mail flow rule, although there is no "display name" condition available, so you'll have to go with "header matches" or similar.
Aug 27 2020 12:18 PM - edited Aug 27 2020 05:30 PM
Aug 27 2020 02:33 PM
@dgillespie-adf I have had success with the Impersonation policy under phishing wherein we tested with <Myname> myname@domain.com added to the list of users to protect and sent an email from <Myname> xyz@somedomain.com. The policy detected it to be impersonation.
I wanted to test this safely with the Senior management email address and am trying to figure out a safe way to do that. Documentation is here
Apr 08 2023 12:50 AM
Apr 09 2024 09:20 AM
@Vaman-Kini That's great until the threat actor finds a variation of the employee's name and uses that. For example, on LinkedIn an employee might have First Middle Last name. But in MS only have First and Last. You cannot enter another entry to include the middle name as you will get an "Email already exists" for that email account you're trying to protect.
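The From-header check suggested in the accepted answer, extended to tolerate the middle-name variation raised in the last reply, as an added example that is not part of any post in this thread and is not Exchange's own matching logic. The protected names, the domains and the `verdict` function are constructed for illustration.

```python
import unicodedata
from email import message_from_string
from email.policy import default

# Constructed sample values, not taken from the thread.
PROTECTED_NAMES = ["Jane Doe", "Sam Patel"]
OWN_DOMAINS = {"contoso.example"}


def name_tokens(name):
    """Casefold, fold Unicode compatibility forms, split on non-alphanumerics."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return set("".join(c if c.isalnum() else " " for c in folded).split())


def is_protected(display_name):
    """True when every token of a protected name occurs in the display name.

    Token-subset matching tolerates an inserted middle name or initial,
    "Last, First" ordering and titles, at the cost of more false positives.
    """
    seen = name_tokens(display_name)
    return any(name_tokens(p) <= seen for p in PROTECTED_NAMES)


def verdict(raw_message):
    """Return "block" if From carries a protected name on a foreign domain."""
    msg = message_from_string(raw_message, policy=default)
    from_header = msg["From"]
    if from_header is None:
        return "allow"  # no From header: out of scope for this check
    for addr in from_header.addresses:
        if is_protected(addr.display_name) and addr.domain.lower() not in OWN_DOMAINS:
            return "block"
    return "allow"


if __name__ == "__main__":
    # Constructed From headers covering the cases discussed in the thread.
    samples = [
        "Jane Doe <ceo.office@mail.example>",
        "Jane Quinn Doe <jqd@mail.example>",
        "Jane Doe <jane.doe@contoso.example>",
        "Bob Smith <bob@mail.example>",
    ]
    for value in samples:
        print(f"{verdict('From: ' + value + chr(10) + chr(10)):5}  {value}")
```

Matching on name tokens rather than an exact string is what catches the "First Middle Last" variant; a person outside the organisation who genuinely shares an executive's name will also be flagged, so quarantine is a safer action than silent deletion.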