Email Security uses multiple different test vectors to combat phishing messages destined to your server. The largest ones are the Spearphish test, Signature test, and Fingerprint test, although we have others that will hold or contribute weight towards the suspicious characteristics that phishing messages contain.
A few helpful practices:
1. Block (Hold via Filters > Domains) for your own domain name to help prevent spoofing and allow trusted external IP’s or reliable references from headers using mail rules for anything legitimate that originates from external sources.
2. Block (Hold via Mail Rules) for your own display names in the same scenario as above to prevent whaling and highly targeted spearphishing attempts that use your own names from different addresses. This is usually reserved for executives and finance staff that might be more heavily targeted by these attempts. However, any legitimate addresses that send from external sources using your name will have to be allowed preferably via IP or mail rules based on the headers.
3. Hold mail from countries you don’t plan or foresee conducting business with.