Flipp
asked on
Block Spoofed Emails
Hi All,
I have a User who is being hit pretty hard with spoofed emails from somewhere every two minutes, using multiple spoofed (yet legitimate) email addresses.
We are using SBS 2008 and Trend Micro WFBS Advanced including the Inbound Email Security. To date I have just blocked based upon the email address, but this does not actually resolve the issue.
I assume I need to look at the Email Header to work out the IP and then block based upon that IP? The headers look pretty busy, so maybe there is a good tool I can use?
ASKER
I do already use Inbound Email Security, but the incoming emails are being sent to legitimate internal recipients, but the incoming email address (i.e. Sender) is spoofed. I would block on IP but not sure how to sort through all email headers.
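One way to sort through the `Received` headers the question asks about, as an added example that is not part of the original thread: walk the hops newest-first, trust only lines written by your own servers, and tally the IP that handed each message to the outermost trusted hop. All hostnames, addresses and messages below are constructed placeholders, and `TRUSTED_BY` is an assumption you would set to the hops you operate or pay for.

```python
import email
import ipaddress
import re
from collections import Counter

# Assumption: hostnames of the mail hops you operate or trust (placeholders).
TRUSTED_BY = {"sbs.internal.example", "relay.filter.example"}
HOP = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>[^\s;]+)", re.I)
ADDR = re.compile(r"[\[(]([0-9A-Fa-f:.]+)[\])]")

def first_ip(text):
    """First bracketed or parenthesised token in text that parses as an IP."""
    for candidate in ADDR.findall(text):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None

def handoff_ip(raw_message, trusted_by=TRUSTED_BY):
    """IP that handed the message to the outermost trusted hop, or None."""
    found = None
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):      # newest hop is listed first
        hop = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not hop or hop.group("by").lower() not in trusted_by:
            break  # written by a host we do not control, so it can be forged
        found = first_ip(hop.group("src"))
    return found

def sample(sender, client_ip):
    """Constructed message: two trusted hops above one forged Received line."""
    return (
        "Received: from relay.filter.example ([198.51.100.7])\n"
        " by sbs.internal.example; Mon, 1 Jan 2024 10:00:02 +0000\n"
        f"Received: from unknown (HELO bogus.example) ([{client_ip}])\n"
        " by relay.filter.example; Mon, 1 Jan 2024 10:00:00 +0000\n"
        "Received: from pc.partner.example ([192.0.2.99]) by bogus.example;\n"
        " Mon, 1 Jan 2024 09:59:00 +0000\n"
        f"From: {sender}\nTo: user@internal.example\nSubject: sample\n\nbody\n"
    )

MESSAGES = [sample("alice@partner.example", "203.0.113.45"),
            sample("bob@supplier.example", "203.0.113.45"),
            sample("carol@partner.example", "203.0.113.80")]

def tally(messages):
    """Count messages per hand-off IP, ignoring the spoofed From addresses."""
    return Counter(handoff_ip(m) for m in messages)
```

When mail arrives through a hosted filter, the IP that connects to your own server is the filter's, so the address worth acting on is the one recorded by the filter's hop.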
Hi Flipp,
Yes I realise that but are you using Hosted Email Security too? That is the service where you direct all your email through Trend before it even arrives at the server. You use it by adjusting MX records etc.
You would have a login here: https://emailsec.trendmicro.eu which is used to set it up.
Mark
ASKER
Yes I am using this service already.
ASKER CERTIFIED SOLUTION
ime spoofed bogus emails will stop in a few days. Either Trend will figure it out, or the sender will move on to other targets to avoid being caught. It is a real pain, and very annoying, but it should not last over a week at the most. At least that has been my experience.
If any of the spoofed addresses are normal correspondents of your firm, I might contact them and suggest they look into an SPF record.
ASKER
Cheers for your help.
Turns out that Trend needed to create a pattern file to block these emails. After a few days it kicked in and I could remove the block I placed on email addresses and all is back to normal.
Another happy customer :)
Thanks for the feedback. Always a pleasure to help.
Mark
That is a similar setup to the one we use on our clients and I would strongly recommend setting up your system to use Hosted Email Security, which comes with your Trend WFBS.
This should help prevent these issues, plus many more. I can't rate this product any higher.
If you use the Active Directory Sync Client, it is really easy to keep all the correct email addresses up to date.
If you have any issues with it, let me know.
Mark
http://www.crash-2000.com