How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
For example:
Received-SPF: pass ({mailserver}: domain of dcacinc.com designates 185.173.176.61 as permitted sender)
client-ip=185.173.176.61
Received: from dcacinc.com ([185.173.176.61]) by {mailserver} with
MailEnable ESMTP; Thu, 1 Sep 2022 14:58:18 -0500
Received: from 10.253.237.14
by atlas104.aol.mail.gq1.yahoo.com with HTTPS; Tue, 9 Aug 2023 13:46:16 +0000
X-Originating-Ip: [209.85.219.181]
Received-SPF: pass (domain of gmail.com designates 209.85.219.181 as permitted sender)
Authentication-Results: atlas104.aol.mail.gq1.yahoo.com;
dkim=pass header.i=@gmail.com header.s=20210112;
spf=pass smtp.mailfrom=gmail.com;
dmarc=pass(p=NONE,sp=QUARANTINE) header.from=gmail.com;
X-Apparently-To: {localuseremailaddress}; Tue, 9 Aug 2023 13:46:17 +0000
Received: from 209.85.219.181 (EHLO mail-yb1-f181.google.com)
by 10.253.237.14 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
Tue, 09 Aug 2023 13:46:16 +0000
Received: by mail-yb1-f181.google.com with SMTP id y127so18363414yby.8
for <{localuseremailaddress}>; Tue, 09 Aug 2023 06:46:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-idfrom:in-reply-to:references:mime-version
:from:to:cc;
bh=p89GgxWz+o9NfdfMykGlW/v8yKSzQpsl0uvhcysizNk=;
b=DBu9bJjlX41CeAMX1Qs418qOc2q/539YirKoxzlDfCj9sQJTliprOEGETamxCpMBg7
UUYmc10W6FNZr2eiVR+9wvV2JohIaAoxM2ibfvmPwYKdjtt+DyE+fNUQ7hUHHWyLvnrL
xbj0RHMAzjs426gY2p6zA+MhuoLWC7gpSFRKtMOrhmmapxOPbjIkBSlKcaCSxEf69w7F
5gDMEfEqOf4fZUvOkB6NpMMIPqBUbWE0jFtb0O85iBuzM4Jq7278MdUOtagMKmlfeotu
MA4zo6AYxKEqxVJKXo+Hh5WHmeoFzR6LoifVgIMERQgQ90S6EKOQHIbI9WyNdWoBdQIR
PW6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-idfrom:in-reply-to:references:mime-version
-gm-message-state:from:to:cc;
bh=p89GgxWz+o9NfdfMykGlW/v8yKSzQpsl0uvhcysizNk=;
b=jggfPFnmHjOaNAFa7ZwANe3vfMqTM2ZhmT7UHM7BAF2wriXXcrIjkTjI2V3AQ+xqZk
Uqdb6uYfpBbT8Uu+TFFVkc7NwugKFM5V1vbd8v2wAgaf+2CEzApvIFf7eYI04DyCndBj
B0b9OvsdFafB2l+SMtTefNI19v+hjqS5ej200WYpP3Y1onGAdCa+SxKwNZOUknps9/RV
KqQ/rIRGLnC4CoohZRb4/2hWZLtLtY3GqMuam3RL+5Z0hwPqKuEKzEc46s/F+FArQreT
JEKl5S2eZHlXsvINsUyDLv0NlCm7mYwSUupogXZYr+ni0cbXZ9DoJ43AXoG5sGNljutY
aNDA==
X-Gm-Message-State: ACgBeo0WU2V52dNbMgaQBkgYrXEe4kkcqqynoeOvuEAR/8/FdX3Wk0UX
wAzvlGgR9dstfZMHQ2jZ6/R35xPkzJVdoDEUoAfPYDOTTAh6IQ==
X-Google-Smtp-Source: AA6agR4CyAvsiddBsPg2CKokYxuvwoYbsx9VoHEy2BJIXhckQHXBTX5xGfxFJWfLYPgOrcp6DWA0OH2IeAX0MjywJh4=
X-Received: by 2002:a25:b48:0:b0:67c1047 with SMTP id
69-20020a250b48000000b0067c299c1047mr2042124ybl.531.1660052776093; Tue, 09
Aug 2023 06:46:16 -0700 (PDT)
MIME-Version: 1.0
From: T-Mobile<{localuseremailaddress}>
Date: Tue, 9 Aug 2023 06:46:04 -0700
Message-ID: <Sw7UTEUoAGTjdaqJd_oxTMQE28dwM-RMZCfuQleIvZjyV24XUdFt5@mail.gmail.com>
Subject: finish the t-mobil survey and win
To: {user} <{localuseremailaddress}>
Content-Type: text/html;
X-ME-CountryOrigin: RU
X-Envelope-Sender: <>
X-RBL-Result: Generic, Fail
X-ME-Content: Deliver-To=Junk
Precedence: bulk
X-ME-Bayesian: 0.000000
X-0Spam-Country: Non-NA
I have no problem getting them to filter into junk Email but I would like to reject them entirely before they are accepted. How can this be done with ME?
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Try using zen.spamhaus.org to check the connecting IP.
https://www.mailenable.com/kb/content/article.asp?ID=ME020084
Have a look at this: https://check.spamhaus.org/listed/?searchterm=185.173.176.61
IMHO, the whole 185.0.0.0/8 is a steaming pile of $#!+
BTW, did you notice the dates in the headers?
Your log says "MailEnable ESMTP; Thu, 1 Sep 2022 14:58:18 -0500"
The other dates are 09 Aug 2023. There's something definitely odd about that.
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Philb wrote: ↑Thu Sep 01, 2022 11:37 pm
Try using zen.spamhaus.org to check the connecting IP.
https://www.mailenable.com/kb/content/article.asp?ID=ME020084
Have a look at this: https://check.spamhaus.org/listed/?searchterm=185.173.176.61
IMHO, the whole 185.0.0.0/8 is a steaming pile of $#!+
BTW, did you notice the dates in the headers?
Your log says "MailEnable ESMTP; Thu, 1 Sep 2022 14:58:18 -0500"
The other dates are 09 Aug 2023. There's something definitely odd about that.
spamhaus has too many false positives,
Notice the X-RBL-Result: Generic, Fail
we already use 0spam.org which is great for catching spam like this and filtering it into junk but I am looking for a way to filter based on sender data alone and reject it before it's even accepted.
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
[quote=kiamori post_id=118762 time=1662078762 user_id=18984]
spamhaus has too many false positives,
Notice the X-RBL-Result: Generic, Fail
we already use 0spam.org which is great for catching spam like this and filtering it into junk but I am looking for a way to filter based on sender data alone and reject it before it's even accepted.
[/quote]
That's not my experience with zen but everyone has their preference.
Assuming you don't get too much good stuff in Junk already, I guess you could just put 0spam.org in the rDNSBL
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
It's already in the DNSBL, which is set to flag as spam, which sends them to junk. I would never set it to reject all based on a DNSBL; no DNSBL is accurate enough for this to work well enough, not even 0spam, which I've found to be the most accurate out of over 200 DNSBLs that I've tested.
I think you're missing the point here, I'm looking for a way to filter based on just the sender matching the local user when it is not the local user. "Spoofed emails" and rejecting them before it's processed.
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Fair enough. I'm only running a personal mail server and can pretty easily deal with any false positives.
I'm not aware of anything that would help you. Hopefully someone else will have some suggestions.
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Yeah, perhaps Ian can chime in with a solution.
This is a fairly large number of clients so anything we can do to improve performance and deliverability is a bonus. We have 67 antispam rules already set up and have about .03% false positive rate right now.
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Hi,
One option for verifying that the envelope sender matches the from address in the message is within the Spam Protection script as a weighting value which scores a message with low, medium or high spam scores (Envelope sender does not match header sender criteria in spam script). You need to increase the positive weighting for this criterion so that the message is classified as spam (you will need to play around and test what works for you). The spam protection script is actioned by the mailbox's spam rules that are set within web mail. Or you could create a postoffice level filter and trigger on the following headers and then add subject prefixes to the message indicating that it's spam or mark the message as spam to be delivered to the mailbox's junk email folder:
X-ME-Spam: Low
X-ME-Spam: Medium
X-ME-Spam: High
More information about the spam protection script can be found here:
https://www.mailenable.com/kb/content/article.asp?ID=ME020391
https://www.mailenable.com/kb/content/article.asp?ID=me020493
https://www.mailenable.com/kb/content/article.asp?ID=me020586
Regards,
Ian Margarone
MailEnable Support
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
MailEnable-Ian wrote: ↑Sun Sep 04, 2022 11:59 pm
Hi,
One option for verifying that the envelope sender matches the from address in the message is within the Spam Protection script as a weighting value which scores a message with low, medium or high spam scores (Envelope sender does not match header sender criteria in spam script). You need to increase the positive weighting for this criterion so that the message is classified as spam (you will need to play around and test what works for you). The spam protection script is actioned by the mailbox's spam rules that are set within web mail. Or you could create a postoffice level filter and trigger on the following headers and then add subject prefixes to the message indicating that it's spam or mark the message as spam to be delivered to the mailbox's junk email folder:
X-ME-Spam: Low
X-ME-Spam: Medium
X-ME-Spam: High
More information about the spam protection script can be found here:
https://www.mailenable.com/kb/content/article.asp?ID=ME020391
https://www.mailenable.com/kb/content/article.asp?ID=me020493
https://www.mailenable.com/kb/content/article.asp?ID=me020586
I'm aware of this and we can already filter them; what I am looking to do is block them from being accepted so it generates an NDR to the sender. Is that possible with ME?
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Hi,
The message needs to be accepted in order for the FROM and envelope sender addresses to be compared. Therefore the only way to block this is by deleting the message using the delete message action in the filter and then adding the action to notify sender.
Regards,
Ian Margarone
MailEnable Support
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
MailEnable-Ian wrote: ↑Mon Sep 05, 2022 6:20 am
Hi,
The message needs to be accepted in order for the FROM and envelope sender addresses to be compared. Therefore the only way to block this is by deleting the message using the delete message action in the filter and then adding the action to notify sender.
But all that would really need to be done is to compare the From and To email, if they are the same, was not sent locally or from a bypass IP address then reject it.
Re: How can we reject emails that claim to be from the recipient but are not? Spoofed emails.
Hi,
Maybe there will be improvements in the SMTP security checks to support this in future revisions but at the moment it does not do this and you will need to rely on the filtering mechanism.
Regards,
Ian Margarone
MailEnable Support
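The check requested in this thread (header From equals the local recipient, and the message was neither sent locally nor from a bypass IP), written out as an added Python example; it is not MailEnable code or part of any post above. The `example.test` addresses, the `192.0.2.0/24` bypass range and the function names are assumptions made for illustration, and the sample message is constructed from the headers in the first post.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the headers in the first post.
# example.test stands in for the {localuseremailaddress} placeholder.
SAMPLE = (
    "Received: from dcacinc.com ([185.173.176.61]) by mx.example.test with ESMTP\n"
    "From: T-Mobile<user@example.test>\n"
    "To: User <user@example.test>\n"
    "Subject: finish the t-mobil survey and win\n"
    "\n"
    "survey body\n"
)

LOCAL_DOMAINS = {"example.test"}                      # assumed hosted domains
BYPASS_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed trusted relay range


def header_from_addresses(raw_message):
    """Collect every address from every From: header (duplicates are a known evasion)."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("From", []))
    return {addr.strip().lower() for _, addr in pairs if addr}


def check_self_spoof(raw_message, envelope_from, rcpt_to, client_ip,
                     authenticated=False):
    """Return (verdict, reason) for one recipient of one message.

    The header From only exists once the message data has been received,
    so this decision cannot be made at MAIL FROM / RCPT TO time.
    """
    rcpt = rcpt_to.strip().strip("<>").lower()
    env = envelope_from.strip().strip("<>").lower()

    if rcpt.rpartition("@")[2] not in LOCAL_DOMAINS:
        return ("accept", "recipient is not a local mailbox")
    if rcpt not in header_from_addresses(raw_message):
        return ("accept", "header From does not claim to be the recipient")
    if authenticated:
        return ("accept", "sent locally by an authenticated user")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BYPASS_NETS):
        return ("accept", "connecting IP is on the bypass list")

    detail = "null envelope sender" if not env else "envelope sender " + env
    return ("reject", "header From equals recipient, unauthenticated, " + detail)


if __name__ == "__main__":
    # Same envelope as the sample: X-Envelope-Sender <> from 185.173.176.61
    print(check_self_spoof(SAMPLE, "<>", "user@example.test", "185.173.176.61"))
```

The null envelope sender in the sample shows why an envelope-versus-header comparison alone is not the same test: the decision here keys on the header From matching the recipient, with the envelope sender only recorded in the reason.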