At Hornetsecurity, we do our best to protect our users from spoofing and phishing campaigns by blocking impersonation attempts, in order to prevent fraud and leaks of sensitive information.
We understand that warning end users is sometimes not enough, and that companies may be interested in training and testing their employees on how to detect phishing and impersonation attempts.
Plenty of companies on the internet provide these types of courses, and some may ask you to allow certain impersonated emails through, either for training purposes or to evaluate whether your users would be able to detect and report potentially fraudulent emails.
You could allow certain messages by creating Compliance Filter rules that mark them as clean and allow them to be delivered to the users' mailboxes, but doing so can be risky if not done properly.
Support will be more than happy to advise you on, or help you with, creating these rules. It is important to narrow the rule's criteria as much as possible: we have seen cases where these rules were too generic and allowed real spoofing to go through.
To prevent that, we strongly suggest that you ask your course provider to share, in advance, a detailed document describing the simulated campaign, especially the sending IPs and hostnames, the addresses or domains used in the header.from and envelope.from fields, and the recipients.
Any additional information, such as specific header lines or keywords present in the subject, also helps to create multiple criteria that must all be met for the rule to trigger and allow these messages in.
As guidance, the rule could look like this:
If you share this information with Support, we will be happy to create a rule on your behalf, but we will leave it inactive so that you can double-check the rule and decide whether to enable it.
Important: Please understand that we will not accept responsibility in any case for potential negative outcomes if a real impersonated or dangerous email is allowed by the rule.
Requirement: If you would like Support to create the rule, please contact us by email, as we cannot modify customers' configurations by phone or chat. The general support authorization policy applies.
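The following added example (not Hornetsecurity code and not Compliance Filter syntax) models in Python why an allow rule should combine all of the criteria listed above: a rule keyed only on the header.from domain also passes a real spoofed message, while the narrow rule passes only the simulated one. All rule keys, IP ranges, hostnames, addresses and the `X-Simulation-Campaign` header are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Message:
    source_ip: str
    hostname: str        # name of the sending host
    envelope_from: str
    header_from: str
    recipient: str
    subject: str
    headers: dict = field(default_factory=dict)

def domain(address):
    return address.rsplit("@", 1)[-1].lower()

def rule_matches(rule, msg):
    """Allow only if EVERY criterion listed in the rule matches (logical AND)."""
    ip = ipaddress.ip_address(msg.source_ip)
    checks = {
        "networks": lambda v: any(ip in ipaddress.ip_network(n) for n in v),
        "hostname": lambda v: msg.hostname.lower() == v,
        "envelope_from_domain": lambda v: domain(msg.envelope_from) == v,
        "header_from_domain": lambda v: domain(msg.header_from) == v,
        "recipients": lambda v: msg.recipient.lower() in v,
        "header": lambda v: msg.headers.get(v[0]) == v[1],
        "subject_keyword": lambda v: v in msg.subject.lower(),
    }
    return all(checks[name](value) for name, value in rule.items())

# Constructed sample values (documentation IP ranges, reserved domains).
GENERIC_RULE = {"header_from_domain": "example.com"}
NARROW_RULE = {
    "networks": ["192.0.2.0/28"],
    "hostname": "mail1.training-vendor.example",
    "envelope_from_domain": "training-vendor.example",
    "header_from_domain": "example.com",
    "recipients": {"alice@example.com", "bob@example.com"},
    "header": ("X-Simulation-Campaign", "awareness-01"),
    "subject_keyword": "password reset",
}
SIMULATED = Message("192.0.2.10", "mail1.training-vendor.example",
                    "bounce@training-vendor.example", "it@example.com",
                    "alice@example.com", "Action required: password reset",
                    {"X-Simulation-Campaign": "awareness-01"})
REAL_SPOOF = Message("203.0.113.77", "host.unrelated.example",
                     "sender@unrelated.example", "it@example.com",
                     "alice@example.com", "Action required: password reset")

if __name__ == "__main__":
    for name, rule in (("generic", GENERIC_RULE), ("narrow", NARROW_RULE)):
        print(name, rule_matches(rule, SIMULATED), rule_matches(rule, REAL_SPOOF))
```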