We are receiving a large number of phishing emails where the sender name is changed to match a VIP in the org but the email address is external. Is there a way to block external emails with a specific from name using content policy? We are not concerned with the side effect of blocking legitimate messages from the user's personal email accounts.
Block Sender Using From Name
Posted 10 March 2020 - 11:10 AM
Not aware of a way to to this on the Barracuda - we ended up setting up rules on our mail server to handle this scenario.
Posted 10 March 2020 - 12:20 PM
you can make a HEADER content filter on the ESG like this
from: .*andrew warren
That will catch any email that comes in with a from line in the header that has your name
Please note however that if they use encoding in the FROM line to mask the content this will not work but it should catch the normal spoofer.
Product Lead Support Engineer
Barracuda Email Security