We are pleased to announce new enhancements to the Incoming – Blocking Filtering Rules module, including the possibility to easily configure a rule preventing spear phishing – CEO Fraud. 

This filtering rule allows you to enhance protection for high-value email addresses such as CEOs, CFOs, finance teams, etc. which are typical targets for social engineering attacks using a spoofed display name.

Over the next two weeks, we will be enabling the following options to enhance your experience in configuring rules to prevent spear phishing attacks:

Spear Phishing – new criteria available to configure a blocking filtering rule

For Incoming – Protection Settings , the Block list filtering rules module has been enhanced with “Spear phishing” criteria, offering the possibility to easily configure a blocking rule for the attackers posing as the CEOs, VPs or high-ranking executives.

For both Simple and Advanced Block list Filtering Rule modes, the “Spear phishing” match criteria only requires First Name and Last Name to define the rule blocking the messages that impersonate high-ranking roles in a company.

The rule configuration has been designed to offer the flexibility for the domains maintained to be excepted from this blocking rule (using Simple Block list Filtering Rule mode).

The messages, coming from the email addresses configured in such a rule, from the domains which are not maintained as excepted, will be quarantined with a specific Sub class value.

We recommend configuring the rule to prevent spear phishing – CEO Fraud for the email addresses of the high-ranking executives/roles.

We’ve also implemented the following improvements: 

• MMA-9647: Expose the inherited values for the excepted sending IPs and/or domains from the SPF/DKIM/DMARC checks, at the domain level. The sending IPs or domains excluded from these checks on the higher levels (cluster or/and admin) are displayed but not editable in the Manage list of domains and IP addresses with disabled SPF, DKIM, and DMARC checks page.

Changelog

Since the latest major release, we’ve fixed the following issues:

• MMA-9604: Fixed an issue related to DMARC disabled at default level not working.
• MMA-9884: Fixed an issue with Private Portal Policies not editable after removing Microsoft 365 Synchronization.
• MMA-9892: Fixed an issue related to Exim 4.94.2 in combination with kernel versions lower than 5.18 which cause delays when delivering to google because of TCP Fast Open connections.
• MMA-9978: Fixed an issue when skipping SPF (Domains, IPs) not working if this was configured at default domain level.
• MMA-9998: Fixed an issue related to DANE not working in Exim version 4.92.
• MMA-9910: Fixed an DMARC loading issue when the RUF mailbox was missing.
• MMA-9911: Fixed an issue with delivered messages still show as ‘queued’ in the UI.
• MMA-10011: Fixed an issue when the message action not working in the Protection Report.