FortiMail: Preventing Email Spoofing

Imagine you receive an email from your manager’s email account with an urgent request.

What if that email isn’t from your boss? What if it’s from someone spoofing their name and address from outside of the organization? 

Thankfully, using Inbound Disclaimer, FortiMail can mark inbound messages with a warning to indicate that they originate from outside your organization.

This recipe guides you through the process of establishing inbound message warnings.



 Configuring Inbound Disclaimer Rule

To set up the inbound disclaimer rule

  1. Go to Domain & User > Domain > Domain.
  2. Select the domain you wish to modify and then select Edit.
  3. Expand the Advanced Settings and select the Disclaimer link.
  4. Select “Use domain setting” from the Settings dropdown menu.
  5. Expand Incoming and enable “Insert disclaimer at”.
  6. Select “Start of message” from the dropdown menu.
  7. Select Edit to create the desired message for both HTML and plain text messages, for example, “Warning – External Email”.
  8. Select OK.
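
With the rule in place, the scenario from the introduction becomes machine-checkable: a message whose From header claims your own domain but whose body starts with the inbound warning deserves a second look. The Python sketch below is an added example, not part of the original recipe or Fortinet's code; the domain `example.com`, the sample messages and the HTML markup around the banner are constructed assumptions, since the page does not show how FortiMail wraps the text.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

WARNING = "Warning – External Email"  # disclaimer text from step 7
INTERNAL_DOMAIN = "example.com"       # placeholder for the protected domain

def visible_text(part):
    """Return a part's text; for HTML, drop tags and collapse whitespace."""
    text = part.get_content()
    if part.get_content_type() == "text/html":
        text = re.sub(r"<[^>]+>", " ", text)
    return " ".join(text.split())

def has_external_warning(msg, warning=WARNING):
    """True if any non-attachment text part starts with the disclaimer."""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            if visible_text(part).startswith(warning):
                return True
    return False

def from_domain(msg):
    """Domain of the address in the From header, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def internal_sender_marked_external(msg, domain=INTERNAL_DOMAIN):
    """From claims our domain, yet the message carries the inbound warning."""
    return from_domain(msg) == domain and has_external_warning(msg)

def build_sample(sender, tagged):
    """Constructed sample message (not real mail); banner markup is assumed."""
    body = "Please reply as soon as you can."
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "you@example.com", "Urgent request"
    msg.set_content((WARNING + "\n\n" if tagged else "") + body)
    banner = f"<p><b>{WARNING}</b></p>" if tagged else ""
    msg.add_alternative(f"<html><body>{banner}<p>{body}</p></body></html>", subtype="html")
    return msg

if __name__ == "__main__":
    for sender in ("Manager <manager@example.com>", "Vendor <sales@vendor.example>"):
        msg = build_sample(sender, tagged=True)
        print(sender, "->", internal_sender_marked_external(msg))
```
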