• Status: Solved
  • Priority: Medium
  • Security: Public

email spoofing?

A customer has been receiving numerous emails saying that his outgoing emails have bounced. However, he didn't send any of the emails. I suspected he might have been infected with a bot that was spamming from his computer, but we have run scans and found nothing. There are about a dozen users at his office and he is the only one with this problem.
I now suspect that someone external is spoofing, using his email address as the return/sending email address, and he is receiving the bounced messages. All the destination addresses end in '.de'.
Is there any way to stop this from happening? Yesterday morning (after the long week-end) he had over 50 of these emails.
Any suggestions would be appreciated.
Cheers,
Greg
Asked:
gregmiller4it
3 Solutions
 
bbao (IT Consultant) commented:
Theoretically you have no way to stop an external party from sending you this kind of spoofing email, but technically you can simply block them from your local email client by giving proper email signatures to filter them out.
0
 
Michael Fowler (Solutions Consultant) commented:
Have a look in the header of these emails to see if you can identify where they are being sent from and, if you can, then contact the ISP to register a complaint.
http://compnetworking.about.com/od/workingwithipaddresses/qt/ipaddressemail.htm
0
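Added example, not part of the original thread: one way to do the header check suggested above is to read the original message that most bounces carry as an attachment and see which host handed it to the bouncing server. The sample bounce, the `.example` hosts, the IP addresses and the `OWN_RELAYS` range are all constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample bounce; every host, address and IP is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: user@customer.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from unknown (unknown [203.0.113.77])
 by mx.recipient.example with SMTP; Tue, 1 Jan 2030 08:00:00 +0000
From: user@customer.example

--b1--
"""

# Assumption: ranges the customer's ISP relays outbound mail from (placeholder).
OWN_RELAYS = [ipaddress.ip_network("198.51.100.0/24")]

def handoff_ip(bounce_text):
    """IP that handed the original mail to the bouncing server, or None."""
    for part in email.message_from_string(bounce_text).walk():
        if part.get_content_type() in ("message/rfc822", "text/rfc822-headers"):
            body = part.get_payload()
            original = body[0] if isinstance(body, list) else email.message_from_string(body)
            # Topmost Received line was stamped by the bouncing server itself;
            # lower ones can be forged by the sender, so they are ignored.
            top = (original.get_all("Received") or [""])[0]
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
            return m.group(1) if m else None
    return None

def classify(bounce_text):
    """Say whether the bounced mail left via the customer's own relays."""
    ip = handoff_ip(bounce_text)
    if ip is None:
        return "no-original-headers"
    own = any(ipaddress.ip_address(ip) in net for net in OWN_RELAYS)
    return "sent-via-own-relay" if own else "spoofed-elsewhere"
```

Run `classify()` on the raw source of a saved bounce: `sent-via-own-relay` means the mail really left through the customer's provider and the office machines deserve another look, while `spoofed-elsewhere` means the bounce is backscatter from a forged sender address.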
 
VB ITS (Specialist Consultant) commented:
Honestly there's not much you can do when a spammer decides to spoof your email address. I usually use this analogy when explaining this sort of thing to my clients:

Email spoofing is similar to a spammer writing your name and address on the back of an envelope in the Return to/From: section before they send it off. The letter may be addressed to a non-existent address in which case the Post Office will eventually return the letter to you, as your name and address are on the back of the letter. The only way to stop the spammer from doing this is to physically be there when they forge your details on the back of the letter.

Best practice is to never use your company email account when signing up for online newsletters or any sort of public forum, and use a throwaway email account such as a Gmail, Hotmail, etc. account instead.

Hope the above clears things up.
0

 
Dave Baldwin (Fixer of Problems) commented:
A common spam technique is to use 'your' email address as the return address and send to a non-existent email address so the email will bounce.  When it bounces, it will come back to 'you' as a legitimate bounce email.
0
 
Dave Howe (Software and Hardware Engineer) commented:
You can certainly attempt to use SPF, and optionally also DKIM / DMARC, but there are significant overheads involved in digitally signing outbound mail, and poor adoption of the technology (adoption of SPF is not much better, but at least that's low overhead, just adding a DNS record).

On the whole though, email is not a strongly authenticated system and there isn't much that can be done to prevent mail being sent in "your" name.
0
 
gregmiller4it (Author) commented:
I've passed the info on to my customer and also advised him to talk to his ISP to see if they can offer any help. I'll report back when I talk to the customer again.
0
 
madunix commented:
SPF prevents spammers from using YOUR domain name; a good email security gateway product in front of your email server should prevent spoofed email; you could check Hexamail Guard
http://www.hexamail.com/hexamailguard/
http://www.altn.com/Products/SecurityGateway-Email-Firewall/Security-Features/#AntiSpoofing
0
 
gregmiller4it (Author) commented:
The customer doesn't host their own email; they use POP accounts hosted by their ISP. Not sure if that makes a difference.
0
 
Dave Howe (Software and Hardware Engineer) commented:
Only really matters if they have their own email domain or not - if it's just a generic mailbox domain, they may not have access to set up the required DNS records.

But on the whole, there is little you can do to avoid people faking emails.
0
 
gregmiller4it (Author) commented:
I will check with the customer again tomorrow if I can.
0
 
gregmiller4it (Author) commented:
I've just spoken to the customer again; he said that it has now stopped (i.e. the problem has gone away) but he didn't do anything specific that he is aware of to fix it....
...so, I'm not sure what I should do with this question to close it now????
0
 
VB ITS (Specialist Consultant) commented:
That's probably because the spammer has chosen not to use his email address to send out spam yet. There's no guarantee they won't do it again down the track though. As stated earlier, there's not much you can do to prevent someone from spoofing your email address.

The best thing to do to avoid a repeat of this is to never use your business address when signing up to any sort of online forum or newsletter, Facebook, etc. - use an account from a free email provider (such as Hotmail or Gmail) for these purposes instead. The more you use your email address on the web for these sort of things, the more chances you have of a spammer spoofing your email address.
0
 
Michael Fowler (Solutions Consultant) commented:
The spammer probably got shut down by the ISP they were using, and so has moved to a new account somewhere else and is using a new FROM address so that they cannot be tracked by this information, making it harder to use rules to shut them down permanently. As modern spam filters do not use the From address for blocking because of this issue, there should be no ongoing problems.

I will also second the comments above by @VB ITS, it is very good advice to follow.

As for this question: just pick the response(s) that you feel assisted you and assign the points.
0