Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Block Spoofed Emails

Posted on 2011-02-17
8
Medium Priority
?
1,542 Views
Last Modified: 2012-05-11
Hi All,

I have a User who is being hit pretty hard with spoofed emails from somewhere every two minutes, using multiple spoofed (yet legitimate) email addresses.

We are using SBS 2008 and Trend Micro WFBS Advanced including the Inbound Email Security. To date I have just blocked based upon the email address, but this does not actually resolve the issue.

I assume I need to look at the Email Header to work out the IP and then block based upon that IP? The headers look pretty busy, so maybe there is a good tool I can use?
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 6

Expert Comment

by:crash2000
ID: 34924595
HI,

That is a similar setup to the one we use on our clients and I would strongly recomend setting up your system to use Hosted Email security, which comes with your Trend WFBS.
This should help prevent these issues, plus many more. I can't rate this product any higher.
If you use the Active Directory Sync Client, it is really easy to keep all the correct email addresses up to date.

If you have any issues with it, let me know.

Mark
http://www.crash-2000.com
0
 
LVL 6

Author Comment

by:Flipp
ID: 34924895
I do already use Inbound Email Security, but the incoming emails are being sent to legitimate internal recipients, but the incoming email address (i.e. Sender) is spoofed. I would block on IP but not sure how to sort through all email headers.
0
 
LVL 6

Expert Comment

by:crash2000
ID: 34924939
Hi Flipp,

Yes I realise that but are you using Hosted Email Security too? That is the service where you direct all your email through Trend before it even arrives at the server. You use it by adjusting MX records etc.

You have would have a login here : https://emailsec.trendmicro.eu which is used to set it up.

Mark
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 6

Author Comment

by:Flipp
ID: 34924950
Yes I am using this service already.
0
 
LVL 6

Accepted Solution

by:
crash2000 earned 2000 total points
ID: 34925049
Ah, Sorry. OK.
I am not aware of any tools. BUt perhaps someone else may advise. I presume you have tried chnaging the IP reputation and setting up a particular policy for that user.
I am suprised that Trend is letting those through. I presume you have removed any MX settings that point directly to your server and everything is going through Trends system.
I think my best advice would be to contact Trend and see if they can help.

Thanks
Mark
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34925137
ime spoofed bogus emails will stop in a few days.  Either Trend will figure it out, or the sender will move on to other targets to avoid being caught.  It is a real pain, and very annoying, but it should not last over a week at the most.  At least that has been my experience.

If any of the spoofed address are normal correspondents of your firm, I might contact them and suggest they looking an SPF record.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 35048614
Cheers for your help.

Turns out that Trend needed create a pattern file to block these emails. After a few days it kicked in and I could remove the block I placed on email addresses and all is back to normal.
Another happy customer :)
0
 
LVL 6

Expert Comment

by:crash2000
ID: 35054875
Thanks for the feedback. always a pleasure to help.

Mark
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question