In individual cases, the configured Targeted Fraud Forensic Filter can cause an expected email to be stopped because of this filter and blocked as an AdvThreat. The TFFF strikes at all users of a customer - precisely when one of the persons in the TFFF group writes from an unknown address or is "imitated". This is to prevent someone from pretending to be the CEO, for example, and requesting payment from any employee in the company.
You can recognize this by the reason "impersonation attempt by customer policy".
In the Control Panel, you will always find a reason for the categorization of the e-mail.
You have the following two options for displaying the reason.
- You can use the small cogwheel on the right-hand side of Email Live Tracking to display additional columns. There you can also select the "Reason" column and always have an overview.
- You can also find the reason in the details of an email. To do this, select the email, click on "Info" and you will find an overview of the selected email in the details. You can find further information here: Extended Email Information
Follow the steps below to carry out whitelisting:
- Log in to the Control Panel as an administrator
- Navigate to the customer's domain via the scope selection at the top right
- Select the menu item Deny & Allow Lists
- Press the +Add entry button
- Now enter the owner. If the field remains empty, the entry is active for the entire domain. An individual user can also be entered in the field.
- You can define the value under Type. "Email address" must be selected for this type.
- Enter the value to be allowed in the Value field. (e-mail address to be blocked)
- Under Bypassed filters, check the Targeted Fraud Forensic Filter box and an additional input field will appear.
- Select the user from the TFFF group that is "imitated".