GEOIP filtering / filtering based on Country source

Created by Yves Lacombe, Modified on Tue, 2 May, 2023 at 4:29 PM by Yves Lacombe

ISSUE


You want to reduce your security footprint, and some of the big sources of malware/phishing are often state-supported so as a policy, you'd like to block nations like China or Russia because you do not want to have any emails originating from those places.  So - is it possible to block based on country?


ANSWER


Yes it is -- with Proofpoint Essentials, you can create GEOIP-based rules where you identify the countries you want mail from and reject anything else or identify the nations you don't want to see mail from at all.


Here's an example:


If your business only deals with North America for instance, you could simply block anything not coming from USA, Canada and Mexico. 




Now normally we add another action "Require Admin Release" but in this case, your milleage may vary.  You might have a handful of people from other countries emailing you legitimately, so you may want to allow your end users to release those.


Here's the same rule, but with a few senders added as exceptions:



GEOIP blocking is a powerful tool that can drastically shrink your security footprint.