Welcome Guest, Login or Sign up

Spoofing and Phishing Alert Zimlet

By: zetalliance

Spoofing and Phishing Alert Zimlet

If you find Spoof Alert Zimlet useful and want to support its continued development, you can make donations via: - PayPal: info@barrydegraaff.tk - Bank transfer: IBAN NL55ABNA0623226413 ; BIC ABNANL2A

This Zimlet can be used to help users to identify spoofing and thus offer protection against it. While some parts of this Zimlet work automatic, it is recommended you deploy it with a knowledgeable helpdesk to back it up.

This zimlet checks the result from Spam Assassin and alerts the user when certain tags are found. In addition it enforces the zimbraPrefShortEmailAddress setting to be FALSE as that allows the user to see the used email FROM address. The Zimlet also checks for suspicious characters in headers, like the NULL character etc.

I deployed the Zimlet in an organisation with 700 users, and pointed the alertmail property to the helpdesk ticket system, after a few weeks of increased tickets and configuring the ignorelistReplyTo and ignorelistReturnPath the number of false positives dropped, and now the alert is really valuable to the user.

Recommended security setting

This will help users to identify spoofed emails, this setting is also enforced per user when you enable this zimlet. For the default COS (remeber to set it for all your COS'es): zmprov mc default zimbraPrefShortEmailAddress FALSE

Automatically notify your helpdesk

You can have your users automatically submit suspicious mail to your helpdesk staff by configuring the alertmail property in config_template.xml.

Ignore trusted reply-to's

You can set trusted reply-to's by adding a semi-colon separated list in ignorelistReplyTo

Ignore trusted return-path's

You can set trusted reply-to's by adding a semi-colon separated list in ignorelistReturnPath

Updated for Zimbra 8.8.15

Helpful Links


Rating ( 5 ratings )
Downloads 2555
Latest Version 0.8
Categories Mail
Compatibility ZCS 8.7.x , ZCS 8.8.x
License No License Specified
Created on 3/30/15
Updated 2 days, 3 hours ago


  • Changing Notification Content 

    By: ibrahimayhans on on 5/12/20 for version 0.8

    /opt/zimbra/zimlets-deployed/tk_barrydegraaff_sa_alert/tk_barrydegraaff_sa_alert.properties I Replaced Content with Notification
    Only Original Templates Are Still Displayed In Lonely Messages ?

  • I have a few questions 

    By: ibrahimayhans on on 5/12/20 for version 0.8

    I Provided Zimlet Setup and Activated,
    I Activated Over COS But It Does Not Show Warning ?
    How Can I Change Notification Design On E-Mail Only ?
    To Which E-Mail Address Are SPAM Notifications Sent ?
    ignorelistReplyTo and ignorelistReturnPath Who Makes Adding to the Lists Here ?

  • Installed it but dont see anything? 

    By: JoeVolcano on on 4/14/20 for version 0.8

    Not sure what's wrong but all I see is the Zimlet enabled in my preferences.
    Not seeing any popups when I browse my spam dir...

    I see a LOT of Phishing telling me to click random forms.gle to get my user/password.
    Can I put in some url to trigger against in the code and warn me? Or is that not a feature here...

  • Thank Barry!  

    By: zimico on on 2/2/20 for version 0.8

    The zimlet works very well!

  • Thanks Barry! 

    By: ajcody on on 12/23/16 for version 0.3