Announcement

Collapse
No announcement yet.

Email address Spoofing?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Email address Spoofing?

    What would the problem be if we get emails, sometimes SPAM, being sent from email addresses that appear to be our organisations email addresses but they are really not?

    I sometimes receive emails from [email protected], these from: addresses are definitely not valid within our organisation. Sometimes the from address: is like this Kerri[mailto:[email protected]] The Kerri part of this address is not a name that is recognised within our organisation, does anyone have any idea why this should happen and how to overcome it? I've checked and there is no open relaying on our exchange server. We use NetIntelligence but it doesn't seem to be doing much to stop it.

  • #2
    Re: Email address Spoofing?

    Enabling Reverse DNS lookup may stop these emails but this adds system overhead because it does a DNS query for every message it receives. Also, legitimate email may be bounced if the sending domain doesn't have the proper PTR record setup.
    You could take a sampling of those emails and look at the header to see if they're always coming from the same location. If so, you can have your Exchange server reject that IP address(es).
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Email address Spoofing?

      JeremyW - how would enabling reverse DNS lookup help? It doesn't actually do anything other than complete a field in the header. You would have to use something else to actually work with the results of the reverse DNS header.

      The functionality (or rather the lack of) of reverse DNS lookup on Exchange is explained here: http://support.microsoft.com/default.aspx?kbid=297412

      It is probably the most useless option in Exchange - all it does is slow down email delivery to the Exchange server without any benefit.

      pdania - you need to look at your antispam software to see if it will filter email from your own domain. That is the usual method to deal with it.
      That does stop email being sent to your users via the "Send to a friend" option on many web pages, and can cause issues if you have users using Outlook Express and send email in or through your SMTP virtual server.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Email address Spoofing?

        Thanks Sembee, and also thanks to JeremyW for spending time to offer your contributions.

        (pdania - you need to look at your antispam software to see if it will filter email from your own domain. That is the usual method to deal with it) Our SPAM Filter is external and I really detest it!! We can release emails trapped in quarantine by clicking on a link and logging in using a username and password, today I received blatant spam in my inbox and this really p*** me off. They have given us an email adress to send these SPAM to and for some reason I don't think it's a solution, I'm worried that we'll get blacklisted soon because I'm sure emails are arriving at other domains with our domain name as the sender. I will act on your suggestion Sembee, thanks again.

        Comment


        • #5
          Re: Email address Spoofing?

          If your external anti-spam solution isn't working, then it needs to be dropped. A non-working solution is worse than having nothing at all, as it could be dropping valid email messages instead.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Email address Spoofing?

            Originally posted by Sembee
            JeremyW - how would enabling reverse DNS lookup help? It doesn't actually do anything other than complete a field in the header. You would have to use something else to actually work with the results of the reverse DNS header.

            The functionality (or rather the lack of) of reverse DNS lookup on Exchange is explained here: http://support.microsoft.com/default.aspx?kbid=297412
            I appreciate the correction. Thanks for keeping me in check.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment

            Working...
            X