FortiMail
cysaw
Staff
Article Id 198461
Description
To counter email impersonation, the display names of high-value targets can be mapped to their correct email addresses, and FortiMail can check email against that mapping.
For example, an external spammer wants to impersonate the CEO of a company (ceo@company.com).
The spammer puts 'CEO ABC <ceo@external.com>' in the From header of the email and sends it to a user (victim@company.com).
If FortiMail has been configured with a manual entry 'CEO ABC'/'ceo@company.com' in an impersonation analysis profile to indicate the correct display name/email pair, the email will be detected by impersonation analysis, because the spammer uses an external email address with an internal user's display name.

This article describes how to manually configure the email impersonation analysis/business email compromise settings.
Solution
1) From the GUI, go to Profile -> Antispam -> Impersonation.

2) Create a new impersonation profile as below.




3) Apply the new impersonation profile to the antispam profile.




4) Make sure to also apply the antispam profile to the policy accordingly.

Result

FortiMail will apply the configured action to the email because it is detected by impersonation analysis: the spammer uses an external email address with an internal user's display name.
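
The display name/email pair check described above can be reproduced offline to test which From headers a given mapping would flag. The following Python sketch is an added illustration, not FortiMail's implementation or Fortinet code; the `PROTECTED` table, the function names and the sample headers are constructed for this example, and the case and whitespace normalization is an assumption about how a matcher should treat display names.

```python
from email import policy
from email.parser import HeaderParser

# Constructed mapping: protected display name -> legitimate address(es),
# mirroring the article's manual entry 'CEO ABC' / 'ceo@company.com'.
PROTECTED = {"CEO ABC": {"ceo@company.com"}}


def normalize(name):
    """Case-fold and collapse whitespace so 'ceo   abc' matches 'CEO ABC'."""
    return " ".join(name.split()).casefold()


_LOOKUP = {normalize(n): {a.lower() for a in addrs}
           for n, addrs in PROTECTED.items()}


def check_from(raw_headers):
    """Return (verdict, display_name, address) for the message's From header."""
    msg = HeaderParser(policy=policy.default).parsestr(raw_headers)
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ("no-from", "", "")
    first = from_hdr.addresses[0]
    # policy.default decodes RFC 2047 encoded-words, so an encoded display
    # name is compared in its decoded form rather than slipping past the map.
    name = first.display_name
    addr = first.addr_spec.lower()
    allowed = _LOOKUP.get(normalize(name))
    if allowed is not None and addr not in allowed:
        return ("impersonation", name, addr)
    return ("ok", name, addr)


# Constructed sample headers (not captured traffic).
SAMPLES = [
    "From: CEO ABC <ceo@external.com>\nTo: victim@company.com\n\n",
    "From: CEO ABC <ceo@company.com>\nTo: victim@company.com\n\n",
    "From: =?utf-8?b?Q0VPIEFCQw==?= <ceo@external.com>\n\n",
    "From: Someone Else <someone@external.com>\n\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from(sample))
```
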
