Vircom Portal - Security - Self Trusted

Created by Yves Lacombe, Modified on Fri, 27 Aug 2021 at 03:44 PM by Yves Lacombe

Alert: Self Trusted

Type: Security

Text in alerts email:  

Case #1

User is trusting all emails from

Case #2

User is trusting all emails from

Why is self-trusting a bad thing?

Simple, people who send phishing emails will often impersonate people in the company either through the friendly name part or by simply impersonating your own domain.  

Note that SPF doesn't protect you necessarily because SPF is meant for the SMTP transaction MAIL FROM statement and not the header FROM.  An attacker could simply put an SMTP MAIL FROM of a domain that has a proper SPF record but put FROM: in the header from.

If say, is trusting his own email address, it means anybody can send him an Email with FROM: in the from field.  So it's pretty important NOT to self-whitelist.  

Proofpoint no longer allows end-users to self-trust however this interdiction was only put in place in late 2020 ... so anybody with a trusted list that pre-dates that may have self-trusting entries.

There are two cases possible:

Self-trusting (bad) and trusting someone else in the organization (not as bad but still bad).

How do I clean those up?

You can use the vircomportal self-trusted cleanup. (link)