Cisco Cisco Email Security Appliance X1050 Libro blanco
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 19 of 22
Remediating Free Email Account Abuse
Figure 19. Content Filter Remediation of Free Email Account Abuse
Figure 20. Sample of Remediated Free Email Account Abuse
Similar to the other filters, in Figure 20, Content Filter Remediation of Free Email Account Abuse, the X-Original-
From header receives the value of the original From before the value of From is stripped out. This is useful when
the recipient requests a reason for why the message was acted upon. You could also use X-Original-From to
address false positives.
Return-Path: <Chuck.Robbins@gmail.com>
Received: from smtp.alpha.com (smtp.alpha.com
[192.168.10.101])
by exchange.inside.com (8.13.1/8.13.1) with ESMTP id
u3ILKgcN032691
for <alan@exchange.alpha.com>; Mon, 18 Apr 2016
17:20:42 -0400
From: Chuck.Robbins@gmail.com
Received-SPF: Pass (smtp.alpha.com: domain of
Chuck.Robbins@gmail.com designates 192.168.10.116 as
permitted sender) identity=mailfrom;
Authentication-Results: smtp.alpha.com; spf=Pass
smtp.mailfrom=Chuck.Robbins@gmail.com; spf=None
smtp.helo=postmaster@smtp.gmail.com; dkim=pass
(signature verified)
X-Original-From: Chuck Robbins <Chuck.Robbins@gmail.com>
Subject: Email Security Customers[Spoof Attack]
To: Alan@exchange.inside.com
Received: from smtp.alpha.com (smtp.alpha.com
[192.168.10.101])
by exchange.inside.com (8.13.1/8.13.1) with ESMTP id
u3ILKgcN032691
for <alan@exchange.alpha.com>; Mon, 18 Apr 2016
17:20:42 -0400
From: Chuck.Robbins@gmail.com
Received-SPF: Pass (smtp.alpha.com: domain of
Chuck.Robbins@gmail.com designates 192.168.10.116 as
permitted sender) identity=mailfrom;
Authentication-Results: smtp.alpha.com; spf=Pass
smtp.mailfrom=Chuck.Robbins@gmail.com; spf=None
smtp.helo=postmaster@smtp.gmail.com; dkim=pass
(signature verified)
X-Original-From: Chuck Robbins <Chuck.Robbins@gmail.com>
Subject: Email Security Customers[Spoof Attack]
To: Alan@exchange.inside.com