How to control reverse DNS lookup through DNS SecurityLicense

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to control reverse DNS lookup through DNS SecurityLicense

L2 Linker

The user was trying to send a mail from internal to external domain but it is blocking by sinkhole because it is showing as malicious traffic, however, we are able to receive from that malicious domain, Can we block reverse mail from an external server to internal using DNS license. In my case, it has received.

 

Eg- User mail is test@abc.com and trying to send malicious domain i.e xyz@xyz.com ====blocked by sinkhole policy in NGFW

However, user test@abc.com received mail from malicious domain i.e xyz@xyz.com === can I control using DNS license.

 

User should not receive an email from any malicious domain so can I control in NGFW using DNS security.

 

Thanks and Regards,
OK.
1 REPLY 1

Cyber Elite
Cyber Elite

@OsamaKhan,

DNS really doesn't come into play when you receive an email from an outside email system*. If the IP itself is a known malicious address within any of the PAN lists you could configure a security policy blocking that traffic inbound (and you should), but on a shared/hosted email platform that's not going to be an option.

This is really a job for an email security gateway or a transport rule on your email system. Your firewall can do limited inspection on SMTP traffic and some basic filtering, but you're really going to want to have an actual email security product in place. 

 

* A lot of email security products and email systems will attempt to resolve the source address if properly configured to figure out if the source is in the SPF or DKIM records. That doesn't mean it's going to resolve back to mybaddomain.abc or anything like that, and that doesn't mean that all systems do that if they aren't configured to do so. 

  • 3400 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!