The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!
Email spoofing
Dear Experts,
My client has regular pop3 email boxes from Godaddy, which recently have been spoofed. Basically, someone is sending emails using their email addresses requesting payments or loans. I changed their passwords, scanned their machines, and am pretty sure these emails are not coming from my clients' PCs. After I spoke to Godaddy, they recommended I switch to Office 365 email boxes because of encryption.
What I am skeptical about is, if all they are using is the email addresses that they know exist, how does encryption of the email stop this type of spoofing? It feels as though someone just saw my name on the website, and decided to use that name to register for something.
Unless my name itself is encrypted, I cannot stop that person from impersonating me, so why does encrypted email stop spoofing?
Please advise.
My client has regular pop3 email boxes from Godaddy, which recently have been spoofed. Basically, someone is sending emails using their email addresses requesting payments or loans. I changed their passwords, scanned their machines, and am pretty sure these emails are not coming from my clients' PCs. After I spoke to Godaddy, they recommended I switch to Office 365 email boxes because of encryption.
What I am skeptical about is, if all they are using is the email addresses that they know exist, how does encryption of the email stop this type of spoofing? It feels as though someone just saw my name on the website, and decided to use that name to register for something.
Unless my name itself is encrypted, I cannot stop that person from impersonating me, so why does encrypted email stop spoofing?
Please advise.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Very simple.
GoDaddy has installed security key verification like DKIM or other on their Office365 and this key is compared to their DNS. SO no one can duplicate settings and send emails from different server pretending is coming from GoDaddy.
This settings can only be implemented on ActiveSynch servers and can;t on old pop3 servers.
I think in your case someone just duplicated your pop3 settings and modified his header to looks like legit email from pop server from Godaddy.
That's why email it looks like legit.
If you going to move to ActiveSynch server you'll be safe
GoDaddy has installed security key verification like DKIM or other on their Office365 and this key is compared to their DNS. SO no one can duplicate settings and send emails from different server pretending is coming from GoDaddy.
This settings can only be implemented on ActiveSynch servers and can;t on old pop3 servers.
I think in your case someone just duplicated your pop3 settings and modified his header to looks like legit email from pop server from Godaddy.
That's why email it looks like legit.
If you going to move to ActiveSynch server you'll be safe
Moving to o365, in itself, won't stop spoofing. It will, however, net godaddy significant commissions on your licensing.
You also may not be getting spoofed. If the credentials for any of the godaddy accounts are compromised, they can be used to send email legitimately. So make sure your passwords are secure.
Moving to o365 will, however, give you better security controls. Multi factor authentication helps limit unauthorized use. Dkim and spf provide methods for recipients to verify that emails are sent from you and not spoofed. Pop and imap don't allow these.
For info, godaddy o365 is not different than Microsoft's o365. It is just o365 with godaddy providing tech support.
You also may not be getting spoofed. If the credentials for any of the godaddy accounts are compromised, they can be used to send email legitimately. So make sure your passwords are secure.
Moving to o365 will, however, give you better security controls. Multi factor authentication helps limit unauthorized use. Dkim and spf provide methods for recipients to verify that emails are sent from you and not spoofed. Pop and imap don't allow these.
For info, godaddy o365 is not different than Microsoft's o365. It is just o365 with godaddy providing tech support.
It is not possible to prevent random users from sending email purported to be for any particular email address. Cannot be done.
What you can and should do, is set up at least an SPF record, preferably DMARK and DKIM as well. Running email without a properly set up SPF record in 2017 means you are pretty much guaranteed to be spoofed like this.
If you have an SPF record set up for your domain, then it will let receiving email servers check that the email was actually sent from your mail server. Most large mail services will do this, and either outright reject, or regard with suspicion anything that does not match the SPF record.
Crooks can still spoof an SPF protected email address, however little of the resultant spam will get through, so they nearly always use addresses with no SPF protection.
More on SPF here: https://en.wikipedia.org/wiki/Sender_Policy_Framework
What you can and should do, is set up at least an SPF record, preferably DMARK and DKIM as well. Running email without a properly set up SPF record in 2017 means you are pretty much guaranteed to be spoofed like this.
If you have an SPF record set up for your domain, then it will let receiving email servers check that the email was actually sent from your mail server. Most large mail services will do this, and either outright reject, or regard with suspicion anything that does not match the SPF record.
Crooks can still spoof an SPF protected email address, however little of the resultant spam will get through, so they nearly always use addresses with no SPF protection.
More on SPF here: https://en.wikipedia.org/wiki/Sender_Policy_Framework
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
As Mal said, anyone can forge a from address.
Setting up correct SPF records allows receiving machines to block spam originating from incorrect (random Bot) sources.
And SPF records only work on receiving machines which correctly process + enforce SPF record data.
Mucking about with mail setups is incredibly simple, if you know how to do complete every step correctly + then test every step using tools like https://dmarcian.com provides.
If this is your first time debugging a problem like this, hire someone who does this all the time + have them run a video recorder to capture what they're doing + have them annotate the video. Then you may be able to do this yourself, next time around.
Setting up correct SPF records allows receiving machines to block spam originating from incorrect (random Bot) sources.
And SPF records only work on receiving machines which correctly process + enforce SPF record data.
Mucking about with mail setups is incredibly simple, if you know how to do complete every step correctly + then test every step using tools like https://dmarcian.com provides.
If this is your first time debugging a problem like this, hire someone who does this all the time + have them run a video recorder to capture what they're doing + have them annotate the video. Then you may be able to do this yourself, next time around.
Dear Experts,
Thank you for very well rounded advises/insights to this problem.
I will get SPF records, this has been a great education for such wide spread problem.
I really appreciate your comments.
Thank you for very well rounded advises/insights to this problem.
I will get SPF records, this has been a great education for such wide spread problem.
I really appreciate your comments.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
Your email (and millions of others) are harvested from places where your name exists.
Most internet sites now hide this, but once they have your email address and name they will spoof all the time. The only thing anyone can do (aside from changing their email) is for everyone to have top notch spam filtering. Sadly many people do not bother.
I see spoofed names and false emails that I recognize in my spam quarantine. Real email from these same people do not land in the quarantine.