I'm dealing with spam emails that are using Gmail but they fake the header to appear as if they're coming from our CEO. I'm wondering if email security services like Proofpoint or Harmony could help with this issue. My concern is that since Gmail has a good IP reputation, they might not be effectively filtered by these services. Currently, we're just using M365 Defender P1 or EOP level and some old, messy Exchange rules that are not very effective. Any advice would be appreciated!
7 Answers
Many top-notch spam filters effectively deal with impersonation emails, especially when linked to your organization’s authentication like Active Directory. They can cross-check incoming emails for verification against known employees.
One transport rule you could set up is to flag emails as external if their header shows they’re coming from an internal name. You could include a warning or even quarantine them altogether if you prefer a safer option. Just keep in mind that blocking might catch legitimate emails, so weigh your options carefully.
That's a solid plan. We opt for quarantining emails straight away to avoid any risks from potentially harmful messages.
Consider using Mimecast for impersonation protection; it's worth looking into if you're serious about filtering these types.
Your DfO P1 should suffice. Just ensure you’ve reviewed all your anti-phishing and anti-spam protocols, including enabling impersonation protection. No need for third-party services, although I do understand that handling filters through MS can be quite annoying to manage.
Nah, third-party services aren’t necessary if you fine-tune what you already have.
We've been using Harmony, and it does a great job at blocking impersonation attempts—definitely worth a try!
You should definitely look into enabling impersonation protection. Microsoft Defender for Office 365 has policies specifically for anti-phishing that can help you mitigate these types of impersonation attacks.
Still, you might want to focus more on blocking these emails than just warning users since not everyone grasps the difference in replying.