Display Name Detection
This article explains how you can create a rule to detect unusual patterns in the display name; the area that shows who sent the email in most email clients. For example, some spammers will try and confuse filtering systems by using your real domain name inside the display name to try and convince the recipient the message is internal or genuine.
To set up the rule:
- Navigate to Products, Email Security and click Custom Rule Data.
- Click the New and then Rule RegEx option.
- Enter a meaningful name for the rule data, such as Display Name Detection.
- Craft a suitable regular expression to detect your domain name(s) in the From header and Save the new rule data entry. The following example assumes your domain name is acme.com.
You can specify any type of pattern, for example if you prefer to detect based on a keyword e.g. IT-Admin
You can include multiple entries separated by the pipe
- Navigate to the Message Rules section.
- Click the + icon to add a new rule.
- Enter a meaningful name for the new rule, such as Display Name Detection.
- Add or drag the Direction tile into the Conditions column and configure it to use Inbound value.
- Add or drag the Header Exists tile into the Conditions column and configure it to use the Match option and select the rule data saved in step 4.
- Add or drag the Add to Spam Score tile into the Actions column and configure it to set the value 145.
- Click Save.
- Drag the new rule to above Confirmed Phishing or Confirmed Spam to activate it in your mail flow.
The completed rule should look like this: