crcsupport
Filtering spam pretending to be from a legit domain.
We receive a lot of spam pretending to be from someone with a legit domain name. How do I block this? I have the GFI spam filter, but want to know what the general technique is to do it, such as checking reverse domain lookup or SPF. I enabled both in the past; since many sending email servers out there were probably not set up, I noticed more false positives, though.
ASKER
Looking at the header, how do I know if it's from a legit domain or from someone pretending to be from a forged domain? I need help interpreting the routing part of the header.
"Microsoft Mail Internet Headers Version 2.0
Received: from 70-35-36-45.static.wiline.com ([70.35.36.45]) by mail.xxxxx.com with Microsoft SMTPSVC(x.x.xxx.xx..xx);
Fri, 21 Jun 2013 12:18:35 -0400
Received: from unknown (HELO uslitintrl01.us.lexisnexis.com) ([10.69.142.113])
by uscwygtw06.dnb.com with ESMTP; Fri, 21 Jun 2013 08:18:32 -0800
Received: from dbpliupap113.us.dnb.com ([158.151.64.113])
by uslitintrl03.us.lexisnexis.com with ESMTP; Fri, 21 Jun 2013 08:18:32 -0800
Date: Fri, 21 Jun 2013 08:18:32 -0800"
complete header is below.
HEADER INFO
======================
X-Antivirus: xxxxx for E-mail
Microsoft Mail Internet Headers Version 2.0
Received: from 70-35-36-45.static.wiline.com ([70.35.36.45]) by mail.xxxxx.com with Microsoft SMTPSVC(x.x.xxx.xx..xx);
Fri, 21 Jun 2013 12:18:35 -0400
Received: from unknown (HELO uslitintrl01.us.lexisnexis.com) ([10.69.142.113])
by uscwygtw06.dnb.com with ESMTP; Fri, 21 Jun 2013 08:18:32 -0800
Received: from dbpliupap113.us.dnb.com ([158.151.64.113])
by uslitintrl03.us.lexisnexis.com with ESMTP; Fri, 21 Jun 2013 08:18:32 -0800
Date: Fri, 21 Jun 2013 08:18:32 -0800
From: "LexisNexis" <einvoice.notification@lexisnexis.com>
To: <xxxx.xxxx@xxxxxxxx.com>,
<xxxx@xxxxxxxxx.com>
Message-ID: <228014310.11702817837043755.JavaMail.www@smtp-gw.us.lexisnexis.com>
Subject: Invoice Notification for June 2013
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_3600_128155292.1069652046677"
X-Nonspam: None
Return-Path: no-reply@intuit.com
X-OriginalArrivalTime: 21 Jun 2013 16:18:35.0360 (UTC) FILETIME=[FAE42E00:01CE6E9A]
------=_Part_3600_128155292.1069652046677
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
------=_Part_3600_128155292.1069652046677
Content-Type: multipart/related;
boundary="----=_Part_3600_128155292.1069652046677"
------=_Part_3600_128155292.1069652046677
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
------=_Part_3600_128155292.1069652046677
Content-Type: application/zip;
name="LexisNexis_Invoice_06212013.zip"
Content-Transfer-Encoding: base64
Content-ID: <f5e76648a161$42c24e5b$e55413e6$SYYEELD>
Content-Disposition: inline;
filename="LexisNexis_Invoice_06212013.zip"
------=_Part_3600_128155292.1069652046677--
------=_Part_3600_128155292.1069652046677--
==================================================
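An added example, not part of the original thread: a Python sketch that reads the routing and sender headers posted above, finds the one `Received` hop written by the receiving server, and compares the `From` and `Return-Path` domains. The names `analyze`, `org_domain` and `addr_domain` are hypothetical helpers, and `xxxxx.com` is the redacted receiving domain as it appears in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Routing and sender headers copied from the post above (redactions kept).
RAW = """\
Received: from 70-35-36-45.static.wiline.com ([70.35.36.45]) by mail.xxxxx.com with Microsoft SMTPSVC(x.x.xxx.xx..xx);
\t Fri, 21 Jun 2013 12:18:35 -0400
Received: from unknown (HELO uslitintrl01.us.lexisnexis.com) ([10.69.142.113])
\tby uscwygtw06.dnb.com with ESMTP; Fri, 21 Jun 2013 08:18:32 -0800
Received: from dbpliupap113.us.dnb.com ([158.151.64.113])
\tby uslitintrl03.us.lexisnexis.com with ESMTP; Fri, 21 Jun 2013 08:18:32 -0800
From: "LexisNexis" <einvoice.notification@lexisnexis.com>
Return-Path: no-reply@intuit.com

"""

# "from <name> ... [<ip>]) by <receiver>" inside one Received value
HOP = re.compile(r"from\s+(\S+)\s.*?\[([\d.]+)\]\)\s+by\s+(\S+)", re.S)

def org_domain(host):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw, my_domain):
    msg = message_from_string(raw)
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    # Received lines are prepended, so the topmost one stamped by our own
    # server is the trust boundary; everything below it arrived with the
    # message and can be fabricated by the sender.
    edge = next(i for i, h in enumerate(hops) if org_domain(h[2]) == my_domain)
    peer_name, peer_ip, _ = hops[edge]
    below = hops[edge + 1:]
    from_dom, rp_dom = addr_domain(msg["From"]), addr_domain(msg["Return-Path"])
    flags = []
    if rp_dom != from_dom:
        flags.append("return-path-mismatch")
    # Heuristic: the previous hop's receiver should be the host that connected to us.
    if below and org_domain(below[0][2]) != org_domain(peer_name):
        flags.append("chain-break")
    return {"peer_ip": peer_ip, "from_domain": from_dom, "return_path_domain": rp_dom,
            "untrusted_hops": len(below), "flags": flags}

if __name__ == "__main__":
    print(analyze(RAW, "xxxxx.com"))
```

The bracketed IP on the trusted hop is the part of that line the sender cannot choose, and it is the address an SPF check evaluates against the `Return-Path` domain. Both flags are heuristics that mark a message for closer inspection; neither proves forgery on its own.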
ASKER
I think I used it a long time ago, don't know why I stopped using it.