Add warning text to non-local inbound E-Mail

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
PaperAdvocate
Posts: 16
Joined: Tue Oct 11, 2016 9:28 pm

Add warning text to non-local inbound E-Mail

Postby PaperAdvocate » Tue Oct 18, 2016 11:45 pm

We've been seeing increased attempts at "spear phishing" for some of our clients.

They use intimate knowledge of company relationships and known nicknames around the company to impersonate an individual and then ask for a wire transfer. They're using the right contacts and the right $ amount to get something to possible go through. Their sending address appears to be from within the company but our external spam filter shows it's from outside the company and from a different domain but lands in the recipients mailbox with the spoofed address.

I've seen a warning text added to E-Mail that doesn't originate from within a companies local mail server. It's ugly since replies to the sender will include this as well (as they were marked during the inbound process) but I'm curious if such a thing is possible with Zimbra.

One of our clients that uses Office365 has such a feature but I haven't seen it elsewhere.

An example of the prepended text which goes above the message body is this:

Attention: This email was sent from someone outside of Company Name. Always use caution when opening attachments or clicking links from unknown senders or when receiving unexpected emails.

Thank you.


tonyhaley
Posts: 3
Joined: Sat Sep 13, 2014 3:13 am

Re: Add warning text to non-local inbound E-Mail

Postby tonyhaley » Thu Apr 05, 2018 1:16 pm

Hi,

Did you ever get anywhere with this query?

Very interested in the facility myself.

Regards,
Tony
PaperAdvocate
Posts: 16
Joined: Tue Oct 11, 2016 9:28 pm

Re: Add warning text to non-local inbound E-Mail

Postby PaperAdvocate » Mon Apr 09, 2018 4:28 pm

Hello Tony,

No, not yet, it's been put on the back burner as there was no obvious solution.

Attempting it via altermime or avamvis were looked into but we didn't want to modify the stock Zimbra files so now we're looking at adding this via our external SPAM filter (which uses Postfix so altermime is an option there).

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 24 guests