Protecting Against Email Impersonation in FortiMail

Creating an Impersonation Analysis Profile

First you will need to create an impersonation profile and add display names and email addresses to map.

1. Go to Profile > AntiSpam > Impersonation.
2. Select New to create a new profile.
3. Enter an appropriate profile name.
4. Select a domain from the Domain dropdown list. 
5. Select New in the Impersonation Entry section to add individuals within your business you know to be safe.
6. Enter the display name to be mapped to the email address.
7. Select Wildcard or Regular expression from the Pattern type dropdown list.
8. Enter the email address to be mapped to the display name.
9. Select Create and then Create once more.

Activating the Impersonation Profile

Now you’ll need to enable impersonation analysis in the antispam profile to check for mapping and then select the profile.

1. Go to Profile > AntiSpam > AntiSpam.
2. Select New or modify an existing profile.
3. Expand the Scan Configurations section and enable Impersonation analysis.
4. Select the desired action you wish the unit to take when it encounters the problem.
5. Select either Create or OK.
6. When you create an IP policy or recipient policy, choose the antispam profile that contains the impersonation analysis profile.

Configuring Dynamic Scanning

In addition to manually entering mapping entries and creating impersonation analysis profiles, FortiMail Mail Statistics Service can automatically learn and track the mapping.

To use the FortiMail manual/dynamic, or both,  impersonation analysis scanning, enter the following command:

config antispam settings
set impersonation-analysis dynamic manual

By default, FortiMail uses manual analysis only.

Also enable the FortiMail Mail Statistics Service with the following command. This service is also disabled by default:

config system global
set mailstat-service enable