Is there any way to combat spoofed e-mail?

Hello,

It looks as if someone, or something, is spoofing our company url - I hope that I am using that term correctly. To elaborate, we are receiving literally hundreds of "undeliverable" mail messages each day addressed to fake members of our staff. Here is an example:


Your message did not reach some or all of the intended recipients.

      Subject:      Your Account is Suspended
      Sent:      7/7/2005 7:08 AM

The following recipient(s) could not be reached:

      helen@our_address.com on 7/7/2005 8:53 AM
            The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
            <west-interactive.com #5.1.1>  


Helen does not exist of course. I have a somewhat limited understanding of how it might be possible to combat this - does anyone have any suggestions for me?
PapaGut Asked:
mikeleebrla Commented:
read up on SPF records:

http://spf.pobox.com/
r-k Commented:
At the very least you should check the mail headers for some of those emails and make sure they are not originating within your own network (in which case you can find out and clean that infected PC):

  http://www.stopspam.org/email/headers.html
  http://itim.tamu.edu/htmlfs/mailheaders.shtml
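
The header check suggested above, as an added example that is not part of the original thread: it pulls the client IP out of each Received header of a returned message and reports any hop that falls inside your own address space. The internal ranges, host names and sample headers are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: your internal address ranges; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample headers (documentation addresses), as returned inside an NDR.
SAMPLE_EXTERNAL = """\
Received: from relay.sender.example (relay.sender.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Thu, 7 Jul 2005 07:08:40 -0500
Received: from unknown (unknown [203.0.113.77])
\tby relay.sender.example with SMTP; Thu, 7 Jul 2005 07:08:11 -0500
From: helen@our_address.com
Subject: Your Account is Suspended
"""

SAMPLE_INTERNAL = """\
Received: from gw.our-domain.example (gw.our-domain.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Thu, 7 Jul 2005 07:08:40 -0500
Received: from desk-23 (desk-23 [10.1.4.23])
\tby gw.our-domain.example with SMTP; Thu, 7 Jul 2005 07:08:11 -0500
"""

def hop_ips(raw_headers):
    """Client IP recorded by each Received header, oldest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    # Each server prepends its Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        match = BRACKETED_IP.search(value)
        if not match:
            continue
        try:
            hops.append(ipaddress.ip_address(match.group(1)))
        except ValueError:  # e.g. [999.1.1.1] in a forged or damaged header
            continue
    return hops

def internal_hops(raw_headers):
    """Hops whose client address falls inside INTERNAL_NETS."""
    return [ip for ip in hop_ips(raw_headers)
            if any(ip in net for net in INTERNAL_NETS)]

if __name__ == "__main__":
    for name, raw in (("external", SAMPLE_EXTERNAL), ("internal", SAMPLE_INTERNAL)):
        print(name, [str(ip) for ip in hop_ips(raw)], internal_hops(raw))
```

Received lines written before the message reached a server you trust can be forged by the sender, so treat the address recorded by the first trusted hop as the reliable one.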

davidt67 Commented:
1) Use a mail content filtering service or package,
i.e. Messagelabs, Surfcontrol, Brightmail

2) Configure your external SMTP gateway to filter out emails to non-existent internal addresses.

3) Dump them all into a blackhole at the point of entry.

4) As per previous message, confirm that they are not coming from your internal network.
I assume your Firewall only allows SMTP traffic from your SMTP gateway / mail server, not client PCs...

5) Don't waste time worrying about where they are coming from..
Just be confident it isn't from your network.

Kevin Hays IT Analyst Commented:
Also, make sure your email is not being used as a relay server, just a general bit of info on the side there.  What kind of mail server are you running?
Dmitri Farafontov Linux Systems Admin Commented:
Your Exchange (I'd assume that's the one you are running since in 2003 TA) is not configured properly. You will need to enable SMTP Authentication and close down the box for relaying from untrusted domains.
PapaGut Author Commented:
After reading through those articles (sorry it took so long), I have determined that the e-mails are indeed not coming from our network - in particular they appear to originate from a server called Cayman3000 with an IP of 64.156.132.246.

Aside from the SPF suggestion, I assume that my next step would be to block mail from these non-existent addresses (keeping in mind that they are "undeliverable mail" notifications being delivered to postmaster@__). Can someone step me through it?

We are running Exchange 6.5
PapaGut Author Commented:
I have come across a very simple solution to my problem:

Exchange System Manager > Global Settings > Message Delivery > Properties > Recipient Filtering

then check the "filter recipients who are not in the directory" checkbox.

All these fake recipient NDR e-mails stopped (were blocked) immediately.

Thanks for your help regardless.
Dmitri Farafontov Linux Systems Admin Commented:
Please fill out request for point refund in Community support
Kevin Hays IT Analyst Commented:
Yep, that is a setting you should set up as soon as possible when setting up the server.  :)

Glad you got that fixed.
PapaGut Author Commented:
I agree - it made a huge difference in terms of the junk that was being delivered - wonder why it is not enabled by default...
Kevin Hays IT Analyst Commented:
Do you have intelligent message filter and some of the dns blacklist sites set also?  I know IMF isn't as good as other spam fighters, but it does help if you don't have any though.

PapaGut Author Commented:
not at this point - I will look into both. The majority of the spam we get is blocked at the client level - so it was not posing as large an irritation as the NDR e-mails I mentioned.

Thanks for the tip.
davidt67 Commented:
The O.P. did implement
"filter recipients who are not in the directory" and all these fake recipient NDR e-mails stopped (were blocked) immediately,
which was one of the suggested solutions.
 
>>2) Configure your external SMTP gateway to filter out emails to non existent internal addresses.<<
PapaGut Author Commented:
True, the comment was made to filter recipients who are not in the directory, but no detail was provided, even after I posted the following:

"Aside from the SPF suggestion, I assume that my next step would be to block mail from these non-existent addresses (keeping in mind that they are "undeliverable mail" notifications being delivered to postmaster@__). Can someone step me through it?"

If it is an issue, I will award the points, but thought that it would not be appropriate if someone else were looking for a specific solution as I was.
davidt67 Commented:
There weren't any specifics in the question, (i.e. email server type and version) therefore providing specifics in the answer was difficult.
Not bothered about points, (it's a corporate account)
PapaGut Author Commented:
fair, I will try to be more specific in future posts - thanks
PashaMod Commented:
Closed, 125 points refunded.
PashaMod
Community Support Moderator
