Email Security 9.0 Admin Guide


The Anti-Phishing page allows you to protect your organization from email messages with fraudulent content, intended to steal consumers’ personal identity data and financial account credentials. This chapter contains the following sections:

Anti-Phishing Overview

There are two audiences for fraud:

Consumer phishers try to con users into revealing personal information such as social security numbers, bank account information, credit card numbers, and driver’s license identification. This is known as identity theft. Recovering from having a phisher steal your identity can take many hours and can cost consumers many dollars. Being phished can bring your life to a virtual standstill as you contact credit card companies, banks, state agencies, and others to regain your identity.
Enterprise phishers attempt to trick users into revealing the organization’s confidential information. This can cost thousands of executive and legal team hours and dollars. An organization’s electronic-information life can stop abruptly if hackers deny services, disrupt email, or infiltrate sensitive databases.

Phishing aimed at the IT group in the organization can take the following forms:

Email that appears to be from an enterprise service provider, such as a DNS server, can cause your organization’s network to virtually disappear from the Web.
Hacking into your Website can cause it to be shut down, altered, or defaced.
Email might request passwords to highly sensitive databases, such as Human Resources or strategic marketing information. The email might take the form of bogus preventive maintenance.
Other information inside the organization’s firewall can be targeted, such as through Directory Harvest Attacks (DHA) to monitor your users.

Phishing can also take the form of malicious hackers spoofing your organization. Email that appears to come from your organization can damage your community image and hurt your customers in the following ways:

Spoofed email can ask customers to confirm their personal information.
Spoofed email can ask customers to download new software releases, which are bogus and infected with viruses.

Configuring Phishing Protection

To configure Email Security for phishing:
Navigate to the Anti-Phishing page of your Email Security solution.
Select which action to take for messages identified as Definite Phishing. For more information about available actions, see the following table:



No Action

No action is taken for messages.

Permanently Delete

The email message is permanently deleted.

CAUTION: If you select this option, your organization risks losing wanted email. Deleted email cannot be retrieved.

Reject with SMTP error code 550

The message is rejected, and the server responds with a 550 error code, which indicates the user’s mailbox was unavailable (for example, not found or rejected for policy reasons).

Store in Junk Box
(default setting)

The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting.

Send To

Forward the email message for review to the specified email address. For example, you could “Send To [postmaster].”

Tag With

The email is tagged with a term in the subject line, for example [PHISHING] or [LIKELYPHISHING]. Selecting this option gives the user control of the email; the user can junk it if it is unwanted.

Add X-Header

This option adds an X-Header with the specified key and value to the email message. The first text field defines the X-Header. The second text field is the value of the X-Header.

For example, a header of type “X-EMSJudgedThisEmail” with value “Fraud” results in the email header as:

Select which action to take for messages identified as Likely Phishing.
Select the Allow users to unjunk phishing messages check box if you want to allow users to unjunk fraudulent messages.
To send copies of fraudulent email messages to a person or people designated to deal with them, enter the recipients’ email addresses in the Send copies of emails containing phishing attacks to the following email addresses text box. Separate multiple email addresses with a comma.
Click Apply Changes.
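
The Tag With and Add X-Header actions only mark a message; something downstream (a mail client rule, a ticketing system, a SIEM parser) has to read the marking. The following is an added example, not part of the product or this guide, of a downstream check in Python. It assumes Definite Phishing is set to Add X-Header and Likely Phishing to Tag With, using the example values from the table above; the function name and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Assumed gateway configuration, using the guide's example values:
# Definite Phishing -> Add X-Header, Likely Phishing -> Tag With.
VERDICT_HEADER, VERDICT_VALUE = "X-EMSJudgedThisEmail", "Fraud"
SUBJECT_TAGS = {"[PHISHING]": "definite", "[LIKELYPHISHING]": "likely"}

# Constructed sample messages (not captured traffic).
SAMPLE_HEADER = (
    "From: billing@example.test\r\n"
    "Subject: Account notice\r\n"
    "x-emsjudgedthisemail: fraud\r\n"
    "\r\n"
    "body\r\n"
)
SAMPLE_TAGGED = (
    "From: billing@example.test\r\n"
    "Subject: =?utf-8?q?=5BLIKELYPHISHING=5D_Invoice?=\r\n"
    "\r\n"
    "body\r\n"
)
SAMPLE_CLEAN = "From: hr@example.test\r\nSubject: Phishing training\r\n\r\nbody\r\n"


def gateway_verdict(raw_message: str) -> str:
    """Return 'definite', 'likely' or 'clean' from the gateway's markings."""
    msg = message_from_string(raw_message, policy=default)

    # Header names are case-insensitive and may repeat: check every instance.
    for value in msg.get_all(VERDICT_HEADER, []):
        if str(value).strip().lower() == VERDICT_VALUE.lower():
            return "definite"

    # policy=default decodes RFC 2047 encoded-words, so the tag is still
    # found when the subject arrives as an encoded-word.
    subject = str(msg.get("Subject", "")).lower()
    for tag, verdict in SUBJECT_TAGS.items():
        if tag.lower() in subject:
            return verdict
    return "clean"


if __name__ == "__main__":
    for name in ("SAMPLE_HEADER", "SAMPLE_TAGGED", "SAMPLE_CLEAN"):
        print(name, "->", gateway_verdict(globals()[name]))
```

Because any sender can write headers and subject text, treat the absence of a marking as meaningful only for mail that reached the mailbox through the gateway.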