Re: Protection against fake mails



A few years ago, I needed to add an SPF record to my domains because
some banking servers required it.
I guess this was also an interesting solution.
Does someone know what's the state of the art of SPF?

On Wed, Apr 9, 2008 at 8:22 PM, Mark Owen <mr.markowen@xxxxxxxxx> wrote:

On Wed, Apr 9, 2008 at 12:37 PM, WALI <hkhasgiwale@xxxxxxxxx> wrote:
> How do I guard against such emails originating from fake email
> impersonations. Is there something I can do at our email gateway, proxy or
> Exchange server (2003) levels?
>

Basic protection is to only allow e-mail originating from your domain
name to be allowed from a specific set of trusted mail servers. This
will protect you internally from fake e-mails spoofing your domain but
will not block other spoofed domains. Spoofed e-mails from other
domains may be blocked by relying on reverse DNS lookup and comparing
the resultant domain with that of the one specified in the e-mail, but
this will also block misconfigured servers and some sites on shared
hosting. Long answer short, if you don't want to miss any e-mails
then there's really not much you can do.

What you can do to prove that your domain is not spoofed is to enable
DomainKeys[1] on your server. If everyone did this then blocking fake
e-mails would be possible.

Hope this helps.



[1] http://en.wikipedia.org/wiki/DomainKeys




--
Mark Owen
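
The two gateway checks described in the quoted reply (own-domain mail only from trusted servers, and reverse-DNS comparison for other domains), as an added example that is not part of the original thread. The domain `example.com`, the relay ranges, the function names and the sample connections are all assumptions constructed for illustration; the PTR name is passed in so the sketch runs offline.

```python
import ipaddress

# Assumed values, constructed for this example.
OWN_DOMAIN = "example.com"
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.0/28"),
                  ipaddress.ip_network("2001:db8:25::/64")]

def sender_domain(mail_from):
    """Lower-cased domain of an envelope sender, or '' if absent/malformed."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def same_org(host, domain):
    """True if host is domain or a subdomain of it (matched on label boundary)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def classify(mail_from, client_ip, ptr_name):
    """Apply both checks to one SMTP connection.
    ptr_name: reverse-DNS name the gateway resolved for client_ip, or None."""
    domain = sender_domain(mail_from)
    if not domain:
        return "flag: no sender domain to check"
    ip = ipaddress.ip_address(client_ip)
    if same_org(domain, OWN_DOMAIN):
        # Check 1: our own domain may only arrive from our own mail servers.
        if any(ip in net for net in TRUSTED_RELAYS):
            return "accept: own domain, trusted relay"
        return "reject: own domain from untrusted host"
    # Check 2: for other domains, compare the PTR name with the sender domain.
    if ptr_name is None or not same_org(ptr_name, domain):
        return "flag: rDNS does not match sender domain"
    return "accept: rDNS matches sender domain"

# Constructed sample connections: (MAIL FROM, client IP, PTR name)
SAMPLES = [
    ("ceo@example.com", "192.0.2.5", "mx1.example.com"),
    ("ceo@example.com", "203.0.113.77", "host77.isp.example"),
    ("news@partner.example", "198.51.100.10", "mail.partner.example"),
    ("shop@smallbiz.example", "198.51.100.20", "srv12.sharedhost.example"),
]

if __name__ == "__main__":
    for mail_from, ip, ptr in SAMPLES:
        print(f"{mail_from:24} {ip:15} -> {classify(mail_from, ip, ptr)}")
```

The last sample is a legitimate sender on shared hosting, which check 2 flags; this is the false-positive cost the reply mentions, so the result is "flag" rather than "reject".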



