NRD protection

ehartcoghlin — Mon, 06 Jan 2020 21:47:17 GMT

Will enabling an NRD URL filter be able to filter inbound SMTP connections and block for deny emails from a Newly Registered Domain or is it designed to simply block clients from connecting to URLs that have Newly Registered Domains? Is there any way to filter email for NRDs or is that the domain of a SPAM filter?

Re: NRD protection

BatD — Tue, 07 Jan 2020 09:24:42 GMT

@ehartcoghlin You are correct that the URL filtering will only work on client to server web traffic. It can only control users accessing particular domains, but not traffic initiated from those domain. The reason is that the firewall can only see the source IP in incoming traffic and URL filtering looks at the actual URL in the http headers.

Surely you can filter particular emails at the email server level or if you have the feed of IPs of NRDs, then you can import it as an dynamic IP list in the firewall and block SMTP traffic based on that list.

topic Re: NRD protection in Advanced Threat Prevention Discussions

NRD protection

Re: NRD protection