Home Page

Firewalls

Email & Spam

Security Terminology

Security Topics

VPN & Cryptography

Wireless

 

Email Security and Spam Terminology

Zero Day Window

BATV

Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Email Load balancing

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Outbound email filtering

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails

SMTP IMAP4 or POP3

Spoofed email

Stopping spam for Networks guide

Email Throttling

What is Spam

Which Spam filter

Whitelists and Blacklists

 

Security Products Guide

Which Anti-Virus Software?

Which Firewall?

Which Spam Filter?

Which Internet Security Suite?

 

What is Guide

What is a Firewall?

What is a Virus?

What is Spam?

 

Essential Security Guides

Securing Windows XP Guide

Securing Windows Vista Guide

A Guide to Wireless Security

 

Other

Top 8 Internet Security Tips

Why both, Firewall and Anti Virus?

Free or purchased security - Which one?

 

 

 

 

What is spoofing email addresses

 

A spoofed address is one which is sent to a recipient, but is not coming from the sender shown on the sender address of the email. Some spammers try and send emails to a company making it look like the email has come from another user from the same company. Spam firewalls can easily detect this because if an internal sender was to send an email message to another internal user, the delivery of the email message is done via the local email server such as Microsoft Exchange or Domino server, and never hits the SMTP Proxy server (Spam firewall). This is because the Email proxy is configured so emails only filter through it when they are destined for the outside world or when they are destined from the outside world; internal to internal does not filter through the proxy. The only exception to this rule is when a plug-in is installed on the email server in which it captures internal email and passes it on to the gateway Proxy server for internal scanning.

So when an email coming from the outside world to user@company.com, has a sender address of user2@company.com, the spam firewall will know this is spoofed. If the spam firewall does not do this by default then you can usually set a rule which would say something like mail from these senders to these senders, classify as spoofed address, and quarantine them in the spoofed quarantine area. However some proxy servers have such a setting in which you can enable though blocking spoofed addresses. The setting will effectively block any emails from internal domains to internal domains.

Ways to prevent spoofed email from external senders are to use sender authentication techniques such as SPF, Sender ID and DKIM. These different techniques would verify the sender is who they say they are.

Further Reading

Wikipedia's guide to Email Spoofing