Results 1 to 6 of 6
Thread: Email spoofing
11-16-2005, 09:52 AM #1dnskingGuest
we have got complaint from our client that, emails are sent using their email address, I have setup the SPF record, but still going through it. any help?
11-17-2005, 03:08 PM #2
- Join Date
- Jan 2004
does it orrigionate from the IP of your server?Seeksadmin - For all your administration and security needs.
11-24-2005, 04:57 AM #3ninjatuneGuest
there is a chance a perl/cgi/php script on your server is causing the problem.
12-02-2005, 08:57 AM #4ManXPGuest
Probably it's just a virus using faked email address.
Are you sure virus was sent from YOUR server?
12-08-2005, 10:31 AM #5
- Join Date
- Nov 2003
- Castle Rock, CO
Clients contact me about this all the time. They are more than likely not sent from your mail server but just have a return / send email address of that particular domain. One of my sites that has been up since about 1996 is abused like this a lot - I get returned emails messages to something like LucienRhoadescontradistinction@example.com (just got this one now).
One way to help is to get rid of the catchall. I love my catchall but I am thinking of doing something with it. Having the SPF record will help as well since a lot of servers are checking that these days
06-03-2006, 08:36 PM #6Simon SGuest
Eventhough, Sender Policy Framework (SPF) is an emerging standard by which the owners of domains identify their outgoing mail servers in DNS, and then SMTP servers can check the addresses in the mail headers against that information to determine whether a message contains a spoofed address.
SPF does NOT limit in ANY WAY spoofed e-mails.
This is due to the fact, that the SPF standard does not protect the "From" address, which is seen in the e-mail client, but the so-called envelope sender address, visible only, when the message source is opened (in the Return-Path header).
Users need to implement Simple Authentication and Security Layer (SASL) SMTP for sending mail. Once this is accomplished, administrators can set their domains so that unauthenticated mail sent from them will fail, and the domainís name canít be forged.
Other technological solutions, such as digitally signed e-mail, with either desktop or gateway verification, have been proposed by such bodies as the Anti-Phishing Working Group
Technical Support Executive,