Cisco Email Security Appliance X1050 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Table of Contents
What You Will Learn
The Problem of Forged Email
Anatomy of a Forged Message and Its SMTP Details
Forged Email Detection Workflow
Forged Email Detection Decision Tree
General Best Practices to Prevent Spoofing
Host Access Table Modification to Prevent Spoofing
Forged Mail Resolution
Monitor
Warn
Enforce
Addressing Envelope From Abuse
Verifying Remediation of Envelope From Abuse
Addressing From Header Abuse
Remediating From Header Abuse
Addressing Cousin Domain Abuse
Remediating Cousin Domain Abuse
Free Email Account Abuse
Remediating Free Email Account Abuse
Comprehensive Configuration to Address All Listed Spoofing Types
Next Steps