1

If you have a company in the UK, and its email address is being spoofed, what can be done about it?

Our clients are basically getting emails which we never sent from email addresses which we do not have other than the domain name part of the email address.

Is it possible to stop this somehow?

4
  • There is nothing that can be done. Anyone can send an email and it can be configured as if anyone else sent it, but who actually sent it is in the headers. So your clients need to look at the header before they complain to you.
    – Ramhound
    Commented Jun 5, 2014 at 10:11
  • @Ramhound That would be true if this was the '90s, but while it still sucks there are now SOME things that can and should be done to mitigate this. There is no silver bullet but there is much more than nothing!
    – Caleb
    Commented Jun 5, 2014 at 10:56
  • @Caleb - Blizzard, for example, uses an SPF record; that does not stop the criminals from sending emails pretending to be from Blizzard. You're right, there are ways to indicate you are actually who sent it, and the lack of that information indicates you didn't send it. But there is nothing you can do *STOP that email from being sent out and claiming to be from you.*
    – Ramhound
    Commented Jun 5, 2014 at 11:01
  • @Ramhound I realize you can't stop people from sending things out that are spoofed, but your first comment says «There is nothing that can be done.» End of sentence. And that simply is not true. Even if they get sent out you can actually stop many major providers from accepting such spoofs using properly configured domain signing and SPF records. Getting such spoofs sent to spam or even denied at the SMTP relay is a huge win combating this kind of issue. Email still sucks in this department, but don't tell people to do nothing, that only makes it worse for everybody.
    – Caleb
    Commented Jun 5, 2014 at 11:07

3 Answers

4

At the very least, you could (and should) set up an SPF record for your mail domain.

Microsoft has a great Sender ID Framework SPF Record Wizard available to help with the construction.

However, please note that this doesn't do anything on its own. Receiving MX servers still would have to check your SPF records when they receive an email from an address belonging to your domain. So this can help, but it's not a guarantee.

3
  • Implementing SPF will at least make you NOT the easiest target, which helps a lot. Lots of major providers will start marking messages that don't come from verified hosts as spam, greatly reducing the impact of spoofs like this. As you said it does not stop people from trying, but it does cut down on the damage they can do.
    – Caleb
    Commented Jun 5, 2014 at 10:54
  • Question about the SPF record. When you say mail domain, do you mean the domain name registration company we registered the domain name with, or do you mean a domain controller which is inside our own company's LAN? If you mean the DC in the LAN, how does that help if the emails are being generated from outside the company? The only reason I ask is to make sure I have explained the problem properly.
    – user3550
    Commented Jun 5, 2014 at 10:59
  • @user3550 If you send email from [email protected] then the mail domain is contoso.com. The SPF record has to be added to the zone for that domain. As an example, you could use dig txt stackexchange.com | grep spf on a POSIX machine to see a valid setup.
    Commented Jun 5, 2014 at 11:18
2

You can't really stop the spoofing party from sending out emails under your accounts since anyone can do this. There are steps you/your client can take to validate the authorship of the emails if you are prepared to do so.

Some methods require you to take some steps to verify the origin of emails sent on your domain, while you can also work with your registrar/ISP to look at practices in place, but this would depend on the service you are getting.

Some practices you can implement include Sender ID or domain signing. Obviously this would require your clients' email server to look for these specific signatures, which you may or may not be able to implement. A simpler solution would be for your clients to look at their spam filter policies and possibly inform them of emails which are known spam and get them to filter these out. All this information should be available in the email header, making it easy to block out.

Source: gsinfotech.com

0

There is very little that can be done. But a good place to start is to look through the information stored in email headers. Often malicious emails have most of the information that can lead back to their sender removed, but if you are lucky you might have a chance to trace back.

To start, read some info here, here and here about email headers.
