Messaging Gateway

  • 1.  Antispam/Antiphishing rule

    Posted Aug 22, 2016 05:46 AM

    I am using SMG 10.6.1-3 and currently I am receiving a lot of phishing e-mails from accounts that claim to be from Apple using the domain suffix @emailapple.com
    The legitimate domain suffix of Apple, through which notifications are sent to users, is @email.apple.com
    However, spoofing a domain is easy. So, I am trying to create a rule that uses both Local Good Sender IPs and Local Bad Sender Domains.

    My solution is the following:
    Blacklist both @emailapple.com (the fake one) and @email.apple.com (the real one, though easy to spoof)
    Whitelist the entire 17.0.0.0/8 IP range that Apple uses.

    Presumably, the whitelisting from Local Good Sender IPs will allow legitimate Apple messages to be delivered to the mailbox.
    All other e-mails coming from either @emailapple.com or @email.apple.com from an IP other than 17.0.0.0/8 will be blocked.

    Time will tell if this solution will keep phishing e-mails out. I just wanted to share this idea in case someone has already done something similar and can provide feedback or comments.



  • 2.  RE: Antispam/Antiphishing rule

    Posted Aug 24, 2016 12:36 AM

    Hi,

    Your thoughts are quite interesting. I personally try to avoid these kinds of specials (blacklisting, other rule is passing on) - they can lead to false positives, but that's just my personal opinion.

    Why don't you just blacklist emailapple.com as a local bad sender domain and be done? email.apple.com is using SPF, so you can detect domain spoofers.

    Regards

    Thomas
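
Added example, not part of either post and not SMG's own logic: a small Python model that runs the rule from post 1 and the SPF-based alternative from the reply over the same constructed messages, to show where they disagree. It assumes Good Sender IPs are evaluated before Bad Sender Domains (as post 1 presumes); the SPF record, the sample addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration (not Apple's published SPF record).
GOOD_SENDER_NETS = [ipaddress.ip_network("17.0.0.0/8")]
BAD_SENDER_DOMAINS = {"emailapple.com", "email.apple.com"}
SPF_RECORDS = {"email.apple.com": "v=spf1 ip4:17.0.0.0/8 ip4:192.0.2.0/24 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def domain_of(sender):
    return sender.rsplit("@", 1)[-1].lower()

def policy_post1(sender, client_ip):
    """Post 1: good-IP match delivers (assumed precedence), else the domain list blocks."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in GOOD_SENDER_NETS):
        return "deliver"
    if domain_of(sender) in BAD_SENDER_DOMAINS:
        return "block"
    return "scan"  # falls through to normal filtering

def spf_check(domain, client_ip):
    """Minimal SPF evaluation: only ip4/ip6 mechanisms and 'all' are handled."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def policy_reply(sender, client_ip):
    """Reply: block only the look-alike domain and let SPF catch spoofed senders."""
    domain = domain_of(sender)
    if domain == "emailapple.com" or spf_check(domain, client_ip) == "fail":
        return "block"
    return "scan"

# Constructed (envelope sender, connecting IP) pairs.
SAMPLES = [("noreply@emailapple.com", "203.0.113.9"), ("noreply@email.apple.com", "203.0.113.9"),
           ("noreply@email.apple.com", "17.1.2.3"), ("noreply@email.apple.com", "192.0.2.25")]
for sender, ip in SAMPLES:
    print(f"{sender:26} {ip:13} post1={policy_post1(sender, ip):8} reply={policy_reply(sender, ip)}")
```

The last sample is the false-positive case: a sender the domain's SPF record authorises but that sits outside the hard-coded range is blocked by the post 1 rule and passed on to normal scanning by the SPF approach.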