Phishing/scam email filter - allow admin filter to block fake sender names (match sender name and email to local directory name)
Let's say the boss is John Doe with email johndoe@GFI.com.
A scammer sends an email from John Doe with email johndoe@GMAIL.com to the CFO, asking him to wire transfer $10,0000.
The CFO does the wire transfer, because the scammer made the sender name be his boss' name, John Doe, which is all the CFO sees (unless he hovers his mouse over the sender name, or looks at the mail headers).
Solution is a two-part rule, which the user account filter allows but the admin custom rules does not:
sender name is John Doe
sender email is NOT firstname.lastname@example.org
This simple rule would pretty much block all phishing attempts using local user names.
Bonus option: if you could just have the Connect server match directory names to email addresses, this would then automatically work for ALL accounts on the server, no need to manually create this rule for multiple accounts (but in reality, it's usually only CEO accounts that are being faked this way).