AXISHK

asked on

Check Spoof email

We have received several emails where the display name shows our company email address but the actual sender address is logged as aol.com in our IMSVA gateway.

Even though we have enabled SPF and check the sender and recipient address, does it mean usefulness as the checking will only be triggered when the sender and recipient are in the same domain? How should I track these kinds of cases?


Thx
Muhammad Burhan

PTR (reverse lookup) verification with DNS-BL will definitely block them.
It sounds like your SPF settings are either not correct or your mailserver isn't processing SPF as you intended.

Once SPF is properly implemented you cannot get messages from your own domain without the sender doing a lot of work.
SPF does introduce a problem with message forwarding etc. There is a framework in place called SRS (Sender Rewrite Service) which allows for the correct operation of SPF with forwarded messages, but very few mailservers are configured to use it.

What mail server are you using?

Colin
ASKER CERTIFIED SOLUTION
btan

This is where DMARC and SPF come into play. Are you at least making use of SPF already?
AXISHK

ASKER

SPF has been set up and tested well in mxtool.

But any reference on setting up the DMARC? I used Trend Micro IMSVA and Exchange 2010.

Thx
At best that I know is on DKIM Signing which should also suffice.

https://docs.trendmicro.com/all/ent/imsva/v9.0/en-us/imsva_9.0_olh/imsva_smtp_routing_dkim_cfg.html

However, I saw:
In a nutshell, DMARC is another type of DNS TXT record that builds on SPF and DKIM records and can be configured to specifically tell email filters to reject emails that did not originate from the senders authorized from the SPF or DKIM records. This is enough to stop spoofed emails cold in their tracks. Here is an example of a DMARC record:

v=DMARC1; p=quarantine; rua=mailto:postmaster@myemaildomain.com

What this does is to send items to quarantine if the SPF record or DKIM checks fail, and to send reports to an email address that you specify.
http://www.thecloudtechnologist.com/how-to-stop-email-spoofing-using-dmarc/
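
One way to track the cases described in the question, added here as an example and not part of the original thread: it flags messages whose display name shows an address in the company domain while the real From address is elsewhere, and messages whose header From domain differs from the envelope sender that SPF evaluated. The domain `example.com`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

OUR_DOMAIN = "example.com"  # assumption: placeholder for the protected domain
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
ANGLE_RE = re.compile(r"<([^<>]*)>\s*$")

def in_domain(domain, ours):
    """True if domain is ours or a subdomain (simplified relaxed alignment)."""
    domain = domain.lower()
    return domain == ours or domain.endswith("." + ours)

def split_from(header):
    """Split a From header into (display name, address), quoted name or not."""
    header = " ".join(header.split())  # unfold folded header lines
    m = ANGLE_RE.search(header)
    return (header[:m.start()], m.group(1).strip()) if m else ("", header)

def check_message(raw, envelope_sender, ours=OUR_DOMAIN):
    """Return findings for one message and its logged envelope sender."""
    display, addr = split_from(message_from_string(raw).get("From", ""))
    from_dom = addr.rpartition("@")[2]
    env_dom = envelope_sender.rpartition("@")[2]
    findings = []
    # Display name shows one of our addresses, real From address is elsewhere.
    shown = ADDR_RE.findall(display)
    if any(in_domain(d, ours) for d in shown) and not in_domain(from_dom, ours):
        findings.append("display-name-spoof")
    # Header From claims our domain, but SPF evaluated a different envelope domain.
    if in_domain(from_dom, ours) and not in_domain(env_dom, ours):
        findings.append("from-envelope-mismatch")
    return findings

# Constructed samples: (envelope sender as logged by the gateway, raw headers).
SAMPLES = [
    ("someone@aol.com", 'From: "ceo@example.com" <someone@aol.com>\nSubject: a\n\nx'),
    ("someone@aol.com", "From: ceo@example.com <someone@aol.com>\nSubject: b\n\nx"),
    ("alice@example.com", "From: Alice <alice@example.com>\nSubject: c\n\nx"),
    ("bounce@mailer.example.net", "From: Bob <bob@example.com>\nSubject: d\n\nx"),
]

def scan(samples=SAMPLES):
    return [check_message(raw, env) for env, raw in samples]

if __name__ == "__main__":
    for (env, _), result in zip(SAMPLES, scan()):
        print(env, result or "ok")
```

The first two samples pass SPF for aol.com because SPF only evaluates the envelope sender, which is why the display name has to be checked separately.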