How to block or minimize the email spoofing from the internal or accepted domain?

  • Question

  • Dear Exchange Server Expert,

    We have an in-house mail server running Microsoft Exchange Server 2010. Currently, some users are always receiving spoofed email that comes from an internal domain or accepted domain in Exchange. For instance, I am on the test.com domain and I receive spoofed email that comes from my colleague, amy@test.com, on the same domain too.

    Currently we are using Symantec cloud as the anti-spam server. Most of the spam is blocked, but not the spoofed email that uses the internal or accepted domains. I think that because the content and the sender look legitimate, the Symantec cloud anti-spam has bypassed them.

    Is there any way that we can prevent or minimize this?

    Thanks.

    Regards,

    Wednesday, September 2, 2015 5:29 AM

Answers

  • Create an SPF record for your email domain and set fail for all unknown sources.

    https://en.wikipedia.org/wiki/Sender_Policy_Framework

    Wednesday, September 2, 2015 6:15 AM
  • Hi,

    Take a look here: http://markgossa.blogspot.co.uk/2015/08/understanding-spf-records-part-1.html

    You basically need to specify all SMTP servers that will send email from your domain and configure the -all mechanism at the end of your SPF record to ensure that email is not accepted from SMTP servers that you haven't specified. Make sure you include all the SMTP servers that Symantec will use to send email on your behalf. You should be able to find a published list for other customers who are using their cloud filtering and need to set up SPF records.

    Also, ensure that any secondary mail routes, DR environments, or cloud based email apps have their IPs added to your SPF record.

    Let me know if this answers your question.

    Thanks.


    Mark Gossa

    MCSE 2003, MCITP Enterprise Administrator 2008 R2, MCSA 2012 R2, MCTS Exchange 2010

    Blog: http://markgossa.blogspot.com

    Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Wednesday, September 2, 2015 11:20 PM
  • Hi,

    Great advice from above.

    Furthermore, we need to ensure there is a relevant PTR record for the outbound mail server. To minimize email spoofing, please refer to the link below, in the "Q. What are a set of best outbound mailing practices that will ensure that my mail is delivered?" section: https://technet.microsoft.com/en-us/library/jj937231(v=exchg.150).aspx


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Friday, September 4, 2015 9:43 AM
    Moderator
