Skip to content

Sender check

Header anomaly

The Header anomaly check protects you from senders spoofing emails from your own domain.

Header anomaly detects messages sent from your domain but originating from an external domain. This is done by checking the From header of the email against the recipient domain, and the MAIL FROM address in the envelope.

  • If the domain in the From address matches the recipient's domain, the mail is considered to be spoofed.
  • If the From address in the header is different to the From address in the envelope, the mail is considered to be spoofed.

Note

The header needs to match both the criteria above to trigger the Header anomaly check.

You can control what happens to messages that fail the Header anomaly check.

Select from:

  • Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. This is the default value.
  • Quarantine: Message is quarantined.
  • Reject: Message is rejected.
  • Deliver: Message is delivered to the next stage.

Domain anomaly

Domain anomaly detects messages that appear to be sent from a domain that has neither an MX record nor an A record.

You can control what happens to messages that fail the Domain anomaly check.

Select from:

  • Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. This is the default value.
  • Quarantine: Message is quarantined.
  • Reject: Message is rejected.
  • Deliver: Message is delivered to the next stage.