Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

TMEMS Guidance on Business Email Compromise (BEC) and General catching of impersonation mails

    • Updated:
    • 20 Apr 2021
    • Product/Version:
    • Trend Micro Email Security 1
    • Platform:
    • N/A
Summary
TMEMS Guidance on Business Email Compromise (BEC) and General catching of impersonation mails
Details
Public
There are kind of two different technologies being discussed here (Business Email Compromise (BEC) and Anti-spoofing) and while they are somewhat connected they are also distinct in their own right.

In relation to BEC. BEC uses the High Profile Users to determine what accounts are applied extra BEC analysis. BEC is an extra layer of SPAM analysis that contains additional engines and features such as 'Writing Style Analysis' and is specifically designed to protect a specific user base of High Profile Users. The High Profile Users list gets an extra level of protection and due to the overheads involved it is limited to I believe 200 users.

Below is the documentation available in the online Help related to BEC and High Profile Users.
https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-online-help/configuring-policies/about-rule-target-cr/configuring-spam-fil/configuring-bec-crit.aspx
https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-online-help/inbound-and-outbound/business-email-compr/configuring-high-pro.aspx

In relation to general prevention of spoofing that is not necessarily a BEC function (although as the developers advised us BEC analysis does as part of its solution take account of SPF settings). Anti-spoofing for the general user is more designed around implementing technologies such as SPF, DKIM and DMARC.

Below is the documentation available in the online Help related to Domain-based Authentication.
https://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security-online-help/inbound-and-outbound/domain-based-authent_001.aspx


There is a very good section in the Best Practice Guide that deals specifically with addressing spoofed emails that are worth taking note of. See section 3.3 'Spoofed E-mail Protection' which is quite comprehensive in talking about SPF,DKIM and DMARC as well as implementing policies.
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000283015
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.