I am using SMG 10.6.1-3 and currently I am receiving a lot of phishing e-mails from accounts that claim to be from Apple using the domain suffix @emailapple.com.
The legitimate domain suffix of Apple, through which notifications are sent to users, is @email.apple.com.
However, spoofing a domain is easy. So, I am trying to create a rule that uses both Local Good Sender IPs and Local Bad Sender Domains.
My solution is the following:
Blacklist both @emailapple.com (the fake one) and @email.apple.com (the real one, though easy to spoof)
Whitelist the entire 17.0.0.0/8 IP range that Apple uses.
Presumably, the whitelisting from Local Good Sender IPs will allow legitimate Apple messages to be delivered to the mailbox.
All other e-mails coming from either @emailapple.com or @email.apple.com from an IP other than 17.0.0.0/8 will be blocked.
Time will tell if this solution will keep phishing e-mails out. I just wanted to share this idea in case someone has already done something similar and can provide feedback or comments.
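The rule pair described in the post, modelled as an added example (not part of the original post and not SMG's own code) so the expected verdicts can be checked before relying on them. It assumes, as the post presumes, that a Local Good Sender IPs match wins over a Local Bad Sender Domains match, and that domains are matched exactly; the function names and the sample IPs and addresses are constructed for illustration.

```python
import ipaddress

# Values taken from the post.
GOOD_SENDER_NETS = [ipaddress.ip_network("17.0.0.0/8")]
BAD_SENDER_DOMAINS = {"emailapple.com", "email.apple.com"}


def sender_domain(address):
    """Return the lower-cased domain of an address, or '' if it is malformed."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""


def verdict(connecting_ip, envelope_from):
    """Model the two lists; ASSUMPTION: the good-IP match is evaluated first."""
    try:
        ip = ipaddress.ip_address(connecting_ip)
    except ValueError:
        ip = None  # unparseable source address never matches the allowlist
    if ip is not None and any(ip in net for net in GOOD_SENDER_NETS):
        return "deliver (good sender IP)"
    if sender_domain(envelope_from) in BAD_SENDER_DOMAINS:
        return "block (bad sender domain)"
    return "continue to remaining filters"


# Constructed sample connections: (connecting IP, envelope sender).
SAMPLES = [
    ("17.58.1.10", "noreply@email.apple.com"),    # real domain, inside 17.0.0.0/8
    ("203.0.113.25", "noreply@email.apple.com"),  # real domain, spoofed from elsewhere
    ("198.51.100.7", "support@emailapple.com"),   # look-alike domain
    ("17.58.1.10", "someone@example.org"),        # any domain from the allowlisted range
    ("203.0.113.25", "user@example.org"),         # unrelated mail
]

if __name__ == "__main__":
    for ip, sender in SAMPLES:
        print(f"{ip:15} {sender:28} -> {verdict(ip, sender)}")
```

The fourth sample shows the side effect of this design: under the assumed precedence, anything connecting from 17.0.0.0/8 is delivered by the allowlist regardless of its sender domain.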