Messaging Gateway

  • 1.  How to check for content of one message part in another message part

    Posted Feb 03, 2021 07:47 PM
    Hello,

    I would like to use variables in my content rules.
    For example, I would like to know whether the Header From or the message body contains the SMTP From.

    Say, I receive an e-mail that is verifiably SMTP From hotmail.com, but the (unverified) Header From contains something like "id-support@apple.com". This is obviously fake, but the user would not see the fake unless he looks into the message source.
    Maybe I could prepend the subject with something like:
    "Verified sender is: %SMTPFrom%"
    ?

    I cannot find anything about the use of variables for things like this in the documentation. Is that possible?
    Does it even make sense?

    Does anybody see another means to this end?

    Thanks for any thought,

    Manuel

    P.S.: I am not only new to this community, but also relatively new to SMG. Please be gentle and explain slowly ;)


  • 2.  RE: How to check for content of one message part in another message part

    Broadcom Employee
    Posted Feb 08, 2021 11:31 AM

    The Messaging Gateway does not have the functionality to compare values as you are describing.

    There is no direct way to compare the from: and mail from: fields. The best way to prevent spoofing is to enable sender authentication (SPF, SenderID, DKIM and DMARC).

    The Messaging Gateway 10.7.4 Administration Guide has instructions on how to use the feature.



    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: How to check for content of one message part in another message part

    Posted Mar 01, 2021 09:11 AM
    Hi Steven,

    As far as I see it, you can be authenticated in DKIM and SPF and still be spoofing, because there is no alignment.*
    DMARC would check alignment, but only if the sender has implemented a DMARC policy. A fake sender would not do such a thing.

    So how can I emulate sender alignment checking without DMARC?

    * SenderID produces a lot of false positives. My assumption is that it is not relaxed enough about subdomains. Can you confirm that?
    Say the Header.From is mail@news.example.com
    SMTP.From, too.
    example.com matches via SPF, but SenderID produces a fail.
    This makes SenderID checking useless.

    Thanks for your thoughts.

    Manuel
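
The alignment check asked about in this thread, sketched as an added example that is not part of the original posts and is not Messaging Gateway functionality. It assumes the receiving MTA has recorded the SMTP From in a `Return-Path` header, and it uses a tiny hypothetical suffix set in place of the Public Suffix List that real DMARC implementations use.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a tiny stand-in for the Public Suffix List that real DMARC
# implementations use to find the organizational domain.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

def domain_of(address):
    """Lower-cased domain of an address such as '"Name" <user@host>'."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return ""          # empty, null sender "<>", or unparsable
    return addr.rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    labels = domain.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def alignment(smtp_from, header_from):
    """Return 'strict', 'relaxed' or 'none' for the two sender addresses."""
    env, hdr = domain_of(smtp_from), domain_of(header_from)
    if not env or not hdr:
        return "none"
    if env == hdr:
        return "strict"
    return "relaxed" if org_domain(env) == org_domain(hdr) else "none"

def check_message(raw):
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return "none"      # missing or duplicated From header is ambiguous
    return alignment(msg.get("Return-Path", ""), froms[0])

# Constructed sample modelled on the case in the first post.
SPOOFED = (
    "Return-Path: <someone@hotmail.com>\n"
    'From: "Apple Support" <id-support@apple.com>\n'
    "Subject: Your account\n\nbody\n"
)

if __name__ == "__main__":
    print(check_message(SPOOFED))                                    # none
    print(alignment("bounce@example.com", "mail@news.example.com"))  # relaxed
```

An aligned result is only meaningful when SPF has already passed for the SMTP From domain; the comparison itself authenticates nothing.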