Wednesday, August 07, 2013, 15:46
Solution ID: 00000216
What is sender spoofing and what can I do to stop it?
Spoofing is the act of forging e-mail headers to make it look like the e-mail is originating from a different sender or server. A spammer can simply state they are sending a message from another e-mail address, almost at will.
Spoofing is so hard to stop because there is no way to validate an e-mail within the message itself. This is an inherent problem with the SMTP design. With DKIM and SPF you have some sort of validation technique, but the adoption of these methods is relatively sparse; though we do see the acceptance of SPF increasing.
For anti-spoofing we recommend the "verify e-mail option" as a minimum. Some organizations will never see e-mail coming from the internet as "sent" from their domain. However, when you have situations where people send from their home accounts "using their work e-mail address" the "block" options can result in many false positives.
To configure anti-spoofing options log into the PerfectMail web interface and navigate to Filters > Filter Settings > Sender tab; there are 3 options:
Verify e-mail address: Verify the existence of e-mail addresses from hosted domain, but coming from the outside. (Recommended.)
Block self sent e-mail: Block e-mail sent by a user to their selves, but coming from outside. (Recommended for most organizations.)
Block all: Block all e-mail from the outside that is reportedly from a hosted domain. (Restrictive)
Note: To PerfectMail the outside world is anything that is not defined as a part of your infrastructure. Your mail servers and relay servers are all considered "inside", while everything else is considered "outside". PerfectMail is smart enough to recognize mail coming through "inbound" relays and will consider the first "outside" hop as the outside originator.
Tags: email, spam, sender, spoof, spf, dkim, validation, verification
Link to this article: kb/how_to_stop_spoofing
Updated: Wednesday, August 07, 2013, 15:46
-- David Rutherford