Think you have a false positive on this rule?

Sid 1-45116


SERVER-MAIL Multiple products non-ascii sender address spoofing attempt


This event is generated when an attacker attempts to spoof their FROM mail address.


Email phishing


CVSS base score

CVSS impact score

CVSS exploitability score

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed information

Rule checks for an attempt to spoof their FROM email address using non-ASCII encoded values. CVE-2018-0819: Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."

Affected systems

Ease of attack


False positives

Not known

False negatives

Not known

Corrective action


  • Cisco's Talos Intelligence Group

Additional References