Knowledgebase
Quarantining emails suspected of being an imposter email threat

Proofpoint Essentials now offers protection against impostor email threats (also known as spoofing), business email compromise or CEO fraud. Suspected imposter emails are identified as inbound messages from the internet where the “from” domain is one of the company’s internal domains.

These messages can be quarantined for further review and released if appropriate. Organizations can also create exceptions in order to allow delivery of emails from approved senders, such as an externally delivered marketing communication.

To enable the impostor email detection setting for an organization:

  1. On the Company Settings tab click Spam
  2. Check the checkbox to the right of "Quarantine inbound email sent by active domains associated with this organization”
  3. Click Save

To enable the impostor email detection setting for an individual user:

  1. On the Users & Groups tab, click Users
  2. Click the name of the user that you wish to edit
  3. Click Spam
  4. Check the checkbox to the right of "Quarantine inbound email sent by active domains associated with this organization”
  5. Click Save

 

You may want to create exceptions in order to by-pass the impostor email detection setting. To do so you can add an entry to an organization safe sender list or create a custom filter. Sender lists support email addresses, domains and IP addresses. If you wish to identify emails using an alternate method, such as subject line or body content, you should create a custom filter.

By-pass the impostor email detection setting using the safe sender list:

  1. On the Company Settings tab click Sender Lists
  2. Type in the email address, domain (*@bobsbooksupplies.com, *@*.bobsbooksupplies.com) , or IP address you wish to allow. IP addresses may contain wildcards (e.g., 10.20.*.20, 10.*.*.*, 10.*.0.*) and CIDR notation (e.g., 10.0.62.0/24).
  3. Click Save

By-pass the impostor email detection setting using a custom filter:

  1. On the Company Settings tab click Filters
  2. Click New Filter
  3. Enter a name for the filter, such as “By-pass Imposter Email detection”, and click Continue
  4. Choose an option from the drop-down menu (such as Email Subject or Email Message Content)
  5. Choose the appropriate operator (IS, IS NOT, CONTAINS)
  6. Enter the terms you wish to use in order to by-pass the imposter email detection setting into the text field (for example if you want to target a newsletters sent by an external marketing service, you can use Email Subject IS Bob’s Books Supplies Newsletter)
  7. Select Allow from the drop-down menu to the right of Do
  8. Click Save

 

(13 vote(s))
This article was helpful
This article was not helpful

Comments (0)