Good day All,
I wanted to reach out regarding efforts to further prevent Phishing Email Messages that are bypassing the following Email Services:
- Anti-Spam, including Sender Policy Framework.
- Anti-Malware.
The scenario is as follows:
- Inbound Email Message, sent from an External Source, destined to Company Internal Email Addresses / Destinations.
- The Inbound Email Message has a Spoofed From Address.
- The Email Message contains an ".HTM" attachment.
- The ".HTM" attachment contents have references to External Web Addresses that are Malicious.
The experience is as follows:
- The Inbound Email Message is successfully received into the Internal Email Address / Destination mailbox.
- The Company Perimeter Web Protection then identifies the Outbound Browser Request, after the ".HTM" file is opened, as being Malicious.
The required Solution:
1. How would you prevent / block Inbound Email Messages that have a Spoofed From Address?
-- SPF is not an option as the Domain being used in the Spoof does not contain an SPF record...
2. Is it not an option to perform a check, comparing the Inbound Email Address "FROM" Address with the "RETURN-PATH" Address?
All comments are welcome and will be appreciated.
Thanks.
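
The FROM versus RETURN-PATH comparison asked about in point 2, combined with a check for the ".HTM" attachment from the scenario, sketched in Python as an added example that is not part of the original post. The function names, finding labels and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: From domain unrelated to Return-Path, .htm attachment.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Accounts" <accounts@example.com>
To: user@corp.example
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: text/html; name="invoice.htm"
Content-Disposition: attachment; filename="invoice.htm"

<html><body>constructed sample</body></html>
--b1--
"""

def domain_of(header):
    """Lower-cased domain of the address in a header, '' if none."""
    addr = parseaddr(str(header or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Same domain, or one is a subdomain of the other (simplified check)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = []
    if not from_dom or not rp_dom:
        findings.append("missing-sender-domain")  # header absent or empty
    elif not aligned(from_dom, rp_dom):
        findings.append("from-returnpath-mismatch")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".htm", ".html")) or part.get_content_type() == "text/html":
            findings.append("html-attachment")
            break
    return findings

if __name__ == "__main__":
    print(check_message(SPOOFED))
```

Legitimate bulk and third-party senders often use a Return-Path domain that differs from the From domain, so the mismatch works better as one scoring or quarantine signal (for example together with the HTML attachment finding) than as a standalone block rule. The Return-Path header is written by the receiving mail server from the envelope sender, so the check has to run on the message as stored after delivery or at the gateway.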