Solved

Spam/Spoofed Email <fakeuser@ourdomain.com>

Posted on 2007-04-03
5
376 Views
Last Modified: 2010-04-19
We have had an issue with Spoofed emails for some time now.

For instance we will recieve an email from <xff@OurDomain.com>

How can we prevent fake emails that have our domain on the address from being sent? We run a single Exchange 2003 server with Symantec 10.0
0
Comment
Question by:Drakin030
  • 2
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
robjeeves earned 250 total points
ID: 18847310
It's tricky because anyone can can send an email and say it is from anyone.

Something in its early stages is SPF - You can have a read here http://www.openspf.org/
Basically you add a DNS entry that says what IP/s can send email from your domain.  For this to work a 3rd partys mail server needs to actually perform an SPF check to see if the email from your domain really did originate from one of the specified IPs.  Its early days for SPF so not full proof by any stretch.

Worth taking a look at the link though for a bit of reading

Rob
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18847570
See my response and others in this question earlier today.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q__22490265.html

Basically there is close to nothing you can do as long as the messages are not originating from your domain.

Simon.
0
 
LVL 9

Expert Comment

by:robjeeves
ID: 18847638
The analogy I use is;

There is nothing to stop someone putting a post card in the postbox and saying its from santa clause.  It will still get delivered.

Rob

0
 

Author Comment

by:Drakin030
ID: 18850523
Hmm...Well I guess theres not alot I can do then. It stinks cause when they are sent alot of the times its sent to the address for all users. For instance "CentralOffice@<mydomain>.com

So everyone would get it. Argh, oh well.

So what should I do about the points thing...
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 250 total points
ID: 18850928
If you have an address that all users email, and no one from outside needs to email it, then change the SMTP address, put the address that is being abused in to a black hole and restrict the new group to internal people only.

Simon.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question