It would be impossible to be any more of a newbie than I am at dealing with SA and rules, etc. I am having an issue and have searched high and low on the net, and I get some info that sort of seems to answer the question, but to this point nothing is working to fix my issue... so... please help, anyone?
One particular problem I have been having with a client site is a spoofed "reply to" input. Actually let me show you an example.
From: rh60 [email protected]
Date: June 30, 2021 at 3:56:29 AM EDT
To: [email protected]
Subject: New Message From Real Domain
Reply-To: ""rh60"" [email protected], rh60 [email protected]
If you look above you will see I have changed the client's actual domain to "realdomain.com" for this email. But in the "FROM" field it is showing a legit email address from within their domain. The "TO" field is also legit.
The only thing that is clearly wrong is the first entry in the "REPLY TO" line, where you can see the spammer's actual email or a placeholder.
My question is: can I set up a rule that would filter a message like this as SPAM and have it not go to the client? This would be for this ONE particular client, as they would NEVER send an email with TWO reply-to addresses in one email.
I am completely clueless as to how to go about this. Can I put some sort of wildcard in a rule so that if there are TWO addresses in the reply-to it is spam? Can the rule be set PER domain... sorry, not joking about being new.
Thoughts?
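A sketch of the kind of rule the question describes, as an added example that is not part of the original post: SpamAssassin `header` sub-rules combined with a `meta` rule so that only mail addressed to the one client domain is affected. The rule names, the score and the use of the post's placeholder `realdomain.com` are assumptions.

```conf
# Added example for SpamAssassin's local.cf (not from the original post).
# Rule names, the score and realdomain.com (the post's placeholder for the
# client's domain) are assumptions; adjust them to the real setup.

# Sub-rule: the Reply-To header holds two or more addresses, matched as an
# "@", then a comma, then another "@". Names starting with "__" are
# sub-rules: they carry no score of their own.
# Caveat: a quoted display name that itself contains "@" and a comma
# would also match.
header   __LOCAL_REPLYTO_MULTI  Reply-To =~ /\@[^,]*,.*\@/

# Sub-rule: the message is addressed (To or Cc) to the client's domain.
# This is what limits the final rule to the one client.
header   __LOCAL_TO_CLIENT      ToCc =~ /\@realdomain\.com(?![\w.-])/i

# Sub-rule: at least one Reply-To address is outside the client's domain,
# so replies would leave the organisation.
header   __LOCAL_REPLYTO_OTHER  Reply-To =~ /\@(?!realdomain\.com(?![\w.-]))/i

# Final rule: fires only when all three sub-rules match.
meta     LOCAL_CLIENT_MULTI_REPLYTO  (__LOCAL_REPLYTO_MULTI && __LOCAL_TO_CLIENT && __LOCAL_REPLYTO_OTHER)
describe LOCAL_CLIENT_MULTI_REPLYTO  Mail to client domain with multiple Reply-To addresses
# 5.0 equals SpamAssassin's default required_score, so this rule alone
# marks the message as spam when that default is in use.
score    LOCAL_CLIENT_MULTI_REPLYTO  5.0
```

Running `spamassassin --lint` after editing the file checks the rules for syntax errors before they go live.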