How large is the organization? Is a short period where all inbound mail is moderated a possibility to both block malicious messages and harvest the domains in use?
Is there any sort of Barracuda/IronPort type filtering in place? You might be able to do something at that point in the mail flow. On Tue, Jul 28, 2015 at 6:57 AM, Patrick Whiteside < [email protected]> wrote: > We have a client who is under a fairly targeted attack and it doesn’t > seem to be abating. They’ve asked us to see if we can help to limit their > exposure. > > > > One of the things that has proven to be most dangerous is the attacker > controlling domains that are similar to their actual mail domain (and using > this to spoof email). > > > > We are in the process of occupying as many of the obvious additional > domains as possible but due to the nature of the URL it’s quite susceptible > to deliberate typos and letter transposition, at which point, with the 1000 > odd TLD’s available, buying all the domains becomes a fairly significant > outlay. > > > > What I’m wondering is; is it possible to apply a filter in Exchange 2010 > to inbound mail to reject email that matches a specific string/set of > strings/regular expression? If so how? > > > > Thanks, > > Patrick > > > > > > Patrick Whiteside* |* Senior Engineer > > > > *T | 0845 458 00 90* > > F | 0870 421 59 24 > > W | blue256.co.uk > > > *Head Office | Saxon House, Hellesdon Park Road, Norwich, NR6 5DR*This > email is confidential and may well also be privileged. If you have received > it in error you are on notice of its status. Please notify us immediately > by reply email and then delete this message from your system. Please do not > copy it or use it for any other purpose, or disclose its content to any > other person. To do so could be a breach of confidentiality. All emails and > any attachments are believed to be virus free, however, all emails should > be virus checked before being downloaded and we accept no responsibility > therefore. Please contact our offices on 0845 458 00 90 or email > [email protected] if you need assistance. > > > > Blue256 Limited Registered Office: Saxon House, Hellesdon Park Road, > Drayton High Road, Norwich NR6 5DR > Company Registration Number: 05015705 > Company Registered in England and Wales > > > >
