Spear Phishing Protection

External Email

User Guide

Get started

Easily share documents without having to rely on email, or old file servers.


ExchangeDefender Spear Phishing protection can help organizations discern when a message has been sent from an external sender vs. coworker in the same organization.

Spear phishing relies on identity theft and clever formatting in order to get the user to click on a link that otherwise seems trustworthy. Most phishing scams start with an email that comes from a known source – boss, coworker, etc – and hackers bet that you’ll just recognize the name and click on whatever link/direction is provided in the email.

Hackers bet that if the message looks legitimate enough, you’ll click on it and not bother to look at the sending email address or where the link actually goes (instead of what is printed in the email). Once you click, you’re either prompted for your credentials or directed to malware that takes over your browser or computer.

ExchangeDefender Flag External Email and SureSPAM Block My Domain Spoofing policies can help organizations combat this problem by modifying the subject or quarantining the message if it looks suspicious.


ExchangeDefender detects when the message has arrived from the Internet vs. from within your organization. By enabling this policy, recipients will have the subject and header of the message modified (by including [EXTERNAL]) so that it’s visually obvious the message came from an external sender and warrants additional scrutiny. Phishing policies also allow you to insert your own warning at the top of the email, such as “This message was sent from outside of the company. Do not click on links or attachments unless you are expecting the message and trust the sender.”


While ExchangeDefender relies on SPF/DKIM and other email authentication protocols, hackers often exploit trusted public cloud services at Microsoft, Amazon, and Google and send their fakes from those networks, bypassing SPF/DKIM. ExchangeDefender can detect messages coming from outside of your organization with your domain name and promptly quarantine them to keep you safe.