SUMMARY
Considerations in blocking SPAM and how e-mail messages can be 'spoofed' to appear to come from someone other than their actual sender.
DETAIL
Sometimes it is difficult to validate the
actual origin of a mail message. The contents of the message (and how it is viewed
in the mail client) has virtually nothing to do with where the message
actually came from. The analogy is an envelope and a message. An envelope can be sent
to a person, but the letter itself could contain a message for another person.
If you throw the envelope away, then you have little proof as to who the
message actually came from. This is very much what happens with mail. Spammers send
a message and they envelope to your actual address, however, the message inside
the envelope actually says that the message is from someone else.
Here is
an example:
SMTP Server receives mail from User1 to User@yourdomain.com.
The contents of the message/message headers sent in
the SMTP transaction contain the following:
To: User@yourdomain.com
From: EasterBunny@Whereeveryouwant.com
Subject: This is spam
Message text
For example, it is possible
to blacklist Whereeveryouwant.com; but this will not block the incriminating
e-mail, as you actually need to blacklist User1 (or the IP address that the
person is sending from).
SOLUTION
The solution is to work out exactly who is sending
these messages and what IP address they are sending them from. Unfortunately,
when the message is received in the mailbox, virtually all envelope information
has been lost. It only resides in the MailEnable logs (MailEnable does allow you
to do reverse lookups on sender addresses and require PTR records - and this is
the best way to get around this problem).
The
domain blacklisting (as opposed to Reverse DNS Blacklisting) feature is not intended to
fight spam. It is more to stop users receiving mail from legitimate (i.e.: non
spoofed) domains. It has limited effectiveness in
preventing SPAM from spammers who can masquerade their domains as whoever they
want.
MORE INFORMATION
Blacklisting mechanisms: http://www.mailenable.com/kb/content/article.asp?ID=ME020084
Product: | MailEnable (Custom: Custom: Custom: Custom: Custom: Custom: All Versions) |
Category: | Operation |
Article: | ME020140 |
Module: | SMTP |
Keywords: | SPAM,spoof,blacklist,ban,domain,black-list,domains,blacklisted |
Class: | INF: Product Information |
Created: | 16/06/2003 8:53:00 PM |
Revised: | Wednesday, May 4, 2016 |
Author: | MailEnable |
Publisher: | MailEnable |