Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

"[EXTERNAL]" indicator for incoming emails outside of organization

Scheduled Pinned Locked Moved Feature Requests
emailfeature-request
3 Posts 2 Posters 209 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    msbt App Dev
    wrote on last edited by girish
    #1

    A company I work for recently prepended/added an [EXTERNAL] text in the mail body if a message was sent from outside the organization (+ some whitelisted domains like trello.com and others that regularly send emails). This should prevent CEO fraud / spear phishing attacks, in case anyone wants to impersonate someone from the company.

    They're using Office 365 for that, not sure if this is something we need because Cloudron itself already has a variety of security measures, but could be a nice addition, especially if a company grows fast.

    Further reading:
    https://o365reports.com/2020/03/25/how-to-add-external-email-warning-message/
    https://evotec.xyz/creating-visual-indicators-for-spoofed-external-emails-with-powershell/

    1 Reply Last reply
    2
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #2

    My initial reaction was that we can add a sieve rule for this (by matching from address). But I think implementing this at mail server level is probably better since only the mail server knows if the mail truly came from outside.

    1 Reply Last reply
    2
  • M Offline
    M Offline
    msbt App Dev
    wrote on last edited by
    #3

    Aye, probably better to have a ui in box to enable/disable and whitelist domains. I don't have a corporate customer waiting for that, I just thought I left the suggestion here for the future, maybe it could be added when something else in that department is touched. 😉

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.