To block emails spoofing a specific email address or domain, you will need to first approve the sender. This is because when you want to block unauthorized emails from a given sender, that generally means that you do want to receive legitimate emails from that sender.
- Find a message from the sender in the clean mail view in SpamHero that you are confident was not spoofed.
- Click on "Approve sender". Our systems will then analyze the message and determine the source and authentication message used to send the message. This will help SpamHero automatically determine the sending patterns for the sender, so that the filter knows what can be used to distinguish between spoofed emails and legitimate ones.
- Inside the "Approved sender" dialog, click on Advanced and enable the Impersonation for domain spoofing option:
- If you notice any valid messages from the sender getting blocked, that means that the sender sends from an unauthenticated source. If that happens, repeat step 2 for every message that gets blocked that should not have and SpamHero will automatically add the additional unauthenticated sources.
Why can't I just flip a switch and block all spoofed messages?
Some valid messages offer no method of authentication at all, which makes it impossible to determine with certainty that a given email came from their domain or not. A majority of domains that implement DMARC have their policy set to "none", which essentially means that they are not confident that their own legitimate messages will consistently pass their own authentication.
That's why SpamHero allows you to identify sending patterns, so you can block spoofed messages even when the sending domain is lacking a consistent authentication method.