"[EXTERNAL]" indicator for incoming emails outside of organization

msbt

A company I work for recently prepended/added an [EXTERNAL] text in the mail body if a message was sent from outside the organization (+ some whitelisted domains like trello.com and others that regularly send emails). This should prevent CEO fraud / spear phishing attacks, in case anyone wants to impersonate someone from the company.

They're using Office 365 for that, not sure if this is something we need because Cloudron itself already has a variety of security measures, but could be a nice addition, especially if a company grows fast.

Further reading:
https://o365reports.com/2020/03/25/how-to-add-external-email-warning-message/
https://evotec.xyz/creating-visual-indicators-for-spoofed-external-emails-with-powershell/

girish

My initial reaction was that we can add a sieve rule for this (by matching from address). But I think implementing this at mail server level is probably better since only the mail server knows if the mail truly came from outside.

msbt

Aye, probably better to have a ui in box to enable/disable and whitelist domains. I don't have a corporate customer waiting for that, I just thought I left the suggestion here for the future, maybe it could be added when something else in that department is touched.