?
Solved

How to deal with spam where "From" email is spoofed and does not match return-path

Posted on 2013-01-09
4
Medium Priority
?
867 Views
Last Modified: 2013-01-15
Hello,

I am using a Windows 2008 server and manage all our emails using MailEnable professional. We also use Magic Spam to trap most spam emails.

Unfortunately we are getting a lot of emails which are obvious spams and they have been spoofing our own emails in the "FROM" part. When I look at the message header I can see the return-path points to a completely different email address which clearly does not match the FROM part.

Is there any effective way to reject these emails using MailEnable by rejecting emails where the FROM email and return-path do not match?

Also are there legitimate cases where they will differ?

Thanks in advance
0
Comment
Question by:mike99c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Assisted Solution

by:Slagwag
Slagwag earned 1000 total points
ID: 38758687
I would first check if you are whitelisting your own domain somewhere in MailEnable Spam filtering or Magic Spam. If not, look for a setting called IP Lock with Magic Spam. I am not familiar with this product but what IP lock does is let you specify what IP ranges can send e-mail through your server.

Example: with an IP lock on yourcompany.com set to your servers public IP of 64.15.3.21 - all traffic your server receives from your own domain will be checked to see if that IP address in the message header that it is coming from matches the server IP (this can be a range as well). This will prevent these spoofed e-mails.

However, it does raise another potential issue. Some users may have Outlook setup from their home and use their ISP to send e-mail out because of port 25 being blocked or may use send on behalf settings from personal e-mails. This might not be allowed in your company but I just wanted to make you aware of it in case this happens.
0
 
LVL 2

Accepted Solution

by:
designxperts earned 1000 total points
ID: 38758806
I would recommend setting up an SPF record for your domain and enable SPF checking on your mail server. SPF validates the IP address of the sender, this helps protect from email spoofing for all incoming email as well.

http://www.mailenable.com/documentation/6.0/Professional/Sender%20Policy%20Framework%20%28SPF%29.html

http://en.wikipedia.org/wiki/Sender_Policy_Framework
0
 

Author Comment

by:mike99c
ID: 38769974
re: comment from designxperts

I have looked into the SPF record syntax and this may be ok for us. We use SMTP authentication for our emails hence the outgoing mail server is fixed for each domain.

Can I check the following with you?

If we have a domain called mydomain.com and the mail server is mail.mydomain.com, does this mean we can setup the SPF record as follows:

"v=spf1 mx mx:mail.mydomain.com -all"
0
 
LVL 2

Expert Comment

by:designxperts
ID: 38781306
Sorry, didn't notice your question till now.

Basically that syntax is correct, you have many options when it comes to writing the SPF record, the following link covers them:

http://www.openspf.org/SPF_Record_Syntax
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question