Enabling the internal executive spoofing check

To enable the internal executive spoofing check:

Steps

  1. Select Apply internal executive spoofing check to these names.
  2. Click the these names link to configure the list of executive and their approved email addresses:
    • Click Add, and enter a first name and last name (both fields are required). Various combinations of the name are protected (for example, “John Smith” as well as “Smith, John”).
    • Enter a list of approved email addresses for the executive, separated with a comma or a line break. This list should include any addresses the executive uses, including work or personal addresses.
    • Click Add to repeat the process for each executive whose name and addresses you wish to check. Click Save when finished.
    Tip: Where executives may use various spellings of a first name (for example Elizabeth/ Liz, David/Dave), add multiple name entries for the user. Each entry should include a duplicate set of allowed email addresses for the user.
  3. Select an action to perform on messages detected as potentially spoofed. The options are:
    • Quarantine: This is the default option. Messages are kept in quarantine for up to 30 days.
    • Discard: Spoofed messages are discarded.
    • Tag subject with: The subject line of spoofed messages are tagged with a custom tag that you enter.

    Messages detected as spoofing named executives will be logged as “Spoofed- Targeted”. Messages quarantined for this reason will be excluded from end users’ Personal Email Subscription reports, in order to prevent users from inadvertently acting upon a targeted phishing message.