Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Stop receiving spam mails coming from spoofed senders in Hosted Email Security (HES)

    • Updated:
    • 4 Mar 2015
    • Product/Version:
    • Hosted Email Security - Inbound Filtering 1.9.8
    • Hosted Email Security 1.9.8
    • Hosted Email Security 2.0
    • Platform:
    • Not Applicable N/A
Summary

Know the different ways of configuring HES/HES - Inbound Filtering to stop receiving emails from spoofed senders. 

Details
Public

Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from a legitimate source when it actually was sent from a malicious one.

To stop receiving emails from spoofed senders, choose any of the following options:

  1. Make sure that the domain's MX record is properly redirected to HES / HES - Inbound Filtering. Refer to your HES / HES - Inbound Filtering Confirmation Email for the correct MX record for your account.
  2. Verify the action taken by HES/HES - Inbound Filtering on the spoofed email/s.
    1. Log on to the HES/HES - Inbound Filtering console.
    2. Go to Logs > Mail Tracking.
    3. Under Mail Tracking - Inbound Traffic, query the spoofed email address.

      mail tracking - inbound traffic

  3. Check if the spoofed sender is listed on the Approved Senders List on the HES / HES - Inbound Filtering console.

    If the spoofed sender is listed, remove the spoofed sender from the Approved Senders List.

    listed spoofed sender

    If not, check if the end-user is registered to the HES/HES - Inbound Filtering Web EUQ. If the owner of the spoofed address is registered to HES Web EUQ, make sure that the address is also not listed in the Web-EUQ Approved Senders list. To do this, you can:

    • Ask the owner of the spoofed email address.
    • On the HES / HES - Inbound Filtering console, go to Administration > End-User password and then query the email address.
  4. If a corporate firewall is in place, configure the firewall to allow only the HES/HES – Inbound Filtering IP ranges. Otherwise, proceed to the next step.
  5. Increase the aggressiveness of the Dynamic IP Reputation Settings.

    IP reputation aggressiveness

 
This only applies for HES Full version users only.

To create a policy for HES, refer to the following topic: Creating a New Rule.

This feature is available in version 2.0.

  1. Go to Sender Filter > Blocked Senders.

    Blocked Senders option

  2. Add all your known spoofed senders or any sender you want to be blocked. A sender can be a specific email address or all senders from a domain.

    Valid Formats:

    *@example.com
    *@server.example.com
    *@*.example.com

    Invalid Formats:

    *@*
    *@*.com
    name@*.example.com

HES/HES - Inbound Filtering users are also encouraged to send undetected spam to spam@support.trendmicro.com and undetected phishing emails to antifraud@support.trendmicro.com.

You can either:

  • Attach the spam sample to another email.
  • Or more preferably, compress it using WinZip (or any file compression tool) before attaching it to another email, instead of forwarding the spam mail, in order to keep the email headers intact. This way, Trend Micro would be able to detect these spam emails before they reach the inbox. Follow the steps below:
    1. Create a folder.
    2. Drag all undetected spam samples to the folder you created.
    3. Place the undetected spam samples in a zip file and password-protect it using the word "novirus" without the quotes.
    4. Send the zip file to spam@support.trendmicro.com.

    If the issue still persists, get the latest sample spoof emails and contact Trend Micro Technical Support. Include the following information:

    • Company name
    • Contact person
    • Email address
    • Domain(s)
    • IP address
    • Activation Code (HES / HES - Inbound Filtering)
    • New sample of spoofed emails.

    The spoof mail sample should be:

    • Preferably in .EML format. Use .MSG only as a last resort.
    • The original mail, not forwarded mails since forwarded mails do not contain the original email content and may contain customer-related information that could lead to False Positives.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1054329
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.