Cisco Cisco Email Security Appliance C170 Weißbuch
© 2016 Cisco and/or its affiliates. All rights reserved.
4
Cisco Forged Email Detection (FED) Settings
Step 1. Identify the users in your organization (for example, executives)
whose messages are likely to be forged. Create a new content
dictionary and add the names of the identified users to it. While creating
a content dictionary:
a. Enter the name of the user and not the email address. For
example, enter “Olivia Smith” instead of “
”.
b. Do not configure Advanced Matching and Smart Identifiers.
c. Do not choose weight for the terms used.
d. Do not use regular expressions.
c. Do not choose weight for the terms used.
d. Do not use regular expressions.
To create a dictionary, select: Mail Policies > Dictionaries > Add
Dictionary
Figure 2 shows a sample dictionary.
Figure 2. Dictionary
Step 2. Create an incoming content or message filter to detect forged
messages and the actions that the appliance must take on such
messages.
a. To create a Content Filter, select: Mail Policies > Incoming Content
Filters > Add Filter.
b. Use the following:
Condition/Rule: Forged Email Detection
c. Select the dictionary that you just created. In our example, our
dictionary name is FED.
d. Click OK (See Figure 3.)
Figure 3. FED Condition
Step 3. Add the FED Action
a. Click: Add Action
b. Select: Forged Email Detection
c. Click OK (See Figure 4.)
b. Select: Forged Email Detection
c. Click OK (See Figure 4.)
Cisco Email Security How-To Guide
How-To Enable Forged Email Detection
Cisco Public