How/Can you block spoofed email addresses
How/Can you block spoofed email addresses
Lately we've been getting hit with alot of emails that show ourselves as the sender (My favorites are ones to me from me). Is it possible to block emails that the displayed from doesn't match the actual from address?
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: How/Can you block spoofed email addresses
Hi,
You need to enable the SMTP security option "Authenticated senders can spoof sender addresses" located within the "Address Spoofing" properties under the SMTP "Security" tab. This will enforce any local address that is sending to another local address your server to authenticate.
You need to enable the SMTP security option "Authenticated senders can spoof sender addresses" located within the "Address Spoofing" properties under the SMTP "Security" tab. This will enforce any local address that is sending to another local address your server to authenticate.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: How/Can you block spoofed email addresses
Sorry should have been more clear. These arent coming from our server, these are coming in from other servers showing as coming from us, I'm assuming someone somewhere with our email in their contacts got a virus or something. Our server has spoofing off already, these come in showing from my email but are actually coming from "Myname@privateemail123.com" or some other garbage yahoo address.
It actually did say my email in the from but if you say hit reply you see the actual fake email.
It actually did say my email in the from but if you say hit reply you see the actual fake email.
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: How/Can you block spoofed email addresses
Hi,
The only way to stop or mark messages with the FROM header of the message that is spoofed is either:
1. Upgrading to Professional or Enterprise and increasing the weighting value for the criteria: Envelope sender does not match header sender so that the message is marked as spam and moved to Junk.
2. Looking into a third party MTA pickup event that has the functionality to stop these types of spam messages.
The only way to stop or mark messages with the FROM header of the message that is spoofed is either:
1. Upgrading to Professional or Enterprise and increasing the weighting value for the criteria: Envelope sender does not match header sender so that the message is marked as spam and moved to Junk.
2. Looking into a third party MTA pickup event that has the functionality to stop these types of spam messages.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
-
- Posts: 2
- Joined: Wed Sep 02, 2015 6:39 am
Re: How/Can you block spoofed email addresses
You can report a phishing scam attempt to the company that is being spoofed.
Don't click on any links, open attachments, or expand any included pictures
You can also send reports to the Federal Trade Commission(forward the e-mail to the FTC, spam@uce.gov).
Don't try to reply to the sender
Delete the email from your computer
You can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.
More about....phishing
http://net-informations.com/q/mis/phishing.html
Dov
Don't click on any links, open attachments, or expand any included pictures
You can also send reports to the Federal Trade Commission(forward the e-mail to the FTC, spam@uce.gov).
Don't try to reply to the sender
Delete the email from your computer
You can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.
More about....phishing
http://net-informations.com/q/mis/phishing.html
Dov
-
- Posts: 6
- Joined: Thu Apr 18, 2019 8:04 am
Re: How/Can you block spoofed email addresses
We have got the same issue. This is a serious problem.
Anybody from within the domain can send emails as anybody else from the same domain without knowing the password.
Imagine i've got mailEnable running on the server whitehouse.gov and i'm a legit owner of a mailbox @whithouse.gov i could send emails pretending i'm thepresident@whitehouse.gov (assuming such email address exist) and nobody could stop me
You really should do something to enforce the check on authentication username and mailbox regardless of the envelope which may be missing
Anybody from within the domain can send emails as anybody else from the same domain without knowing the password.
Imagine i've got mailEnable running on the server whitehouse.gov and i'm a legit owner of a mailbox @whithouse.gov i could send emails pretending i'm thepresident@whitehouse.gov (assuming such email address exist) and nobody could stop me
You really should do something to enforce the check on authentication username and mailbox regardless of the envelope which may be missing
Re: How/Can you block spoofed email addresses
We have got the same issue. This is a serious problem.
Anybody from within the domain can send emails as anybody else from the same domain without knowing the password.
Anybody from within the domain can send emails as anybody else from the same domain without knowing the password.
Re: How/Can you block spoofed email addresses
Consider this is normal.
Just answer the following question.
In real life, someone can write your home address on the top left corner of the letter and send thousands of advertising letters to potential customers, all bounced back will go to your home address.
There is no way to prevent this.
Update: Actually the following will mitigate the problem
1. As suggested by Ian of ME, Upgrading to Professional or Enterprise and increasing the weighting value for the criteria: Envelope sender does not match header sender so that the message is marked as spam and moved to Junk.
2. Spamassassin in a box, it works out of installation and together with ME Spam Protection taking care all these spoofed email to Junkbox
Just answer the following question.
In real life, someone can write your home address on the top left corner of the letter and send thousands of advertising letters to potential customers, all bounced back will go to your home address.
There is no way to prevent this.
Update: Actually the following will mitigate the problem
1. As suggested by Ian of ME, Upgrading to Professional or Enterprise and increasing the weighting value for the criteria: Envelope sender does not match header sender so that the message is marked as spam and moved to Junk.
2. Spamassassin in a box, it works out of installation and together with ME Spam Protection taking care all these spoofed email to Junkbox
-
- Posts: 1
- Joined: Wed Jun 30, 2021 1:45 pm
Re: How/Can you block spoofed email addresses
We have got the same issue. This is a serious problem.ephraimdov wrote: ↑Sat Dec 31, 2016 5:02 amYou can report a phishing scam attempt to the company that is being spoofed.
Don't click on any links, open attachments, or expand any included pictures
You can also send reports to the Federal Trade Commission(forward the e-mail to the FTC, spam@uce.gov).
Don't try to reply to the sender
Delete the email from your computer
You can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.
More about....phishing
http://net-informations.com/q/mis/phishing.html
Dov
Anybody from within the domain can send emails as anybody else from the same domain without knowing the password.
Re: How/Can you block spoofed email addresses
Add Spamassassin will solve this particular problem right awayradcliffes113 wrote: ↑Wed Jun 30, 2021 1:47 pmWe have got the same issue. This is a serious problem.ephraimdov wrote: ↑Sat Dec 31, 2016 5:02 amYou can report a phishing scam attempt to the company that is being spoofed.
Don't click on any links, open attachments, or expand any included pictures
You can also send reports to the Federal Trade Commission(forward the e-mail to the FTC, spam@uce.gov).
Don't try to reply to the sender
Delete the email from your computer
You can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.
More about....phishing
http://net-informations.com/q/mis/phishing.html
Dov
Anybody from within the domain can send emails as anybody else from the same domain without knowing the password.