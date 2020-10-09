Geekzone: technology news, blogs, forums
Forums IT Pro and developers spam filtering service : execting too much ?
#277351 9-Oct-2020 14:13
Hi . A general question about spam filtering services

 

spoofed emails : is it too much too expect spoofed emails to be blocked by profession spam blocking systems/services ?
Specifically emails spoofed to look like they came from within the companies domain

 

eg
email spoofed to look like it came from within the company
From in outlook show as from (say) theboss@company.co.nz
Headers : from shows 'theboss@company.co.nz' , but ACTUAL sender in the headers shows (say) mrhacker@clickmeplease.com

Ignoring spf filtering ....
can/should a spam filter detect spoofed emails pretending to be from the domain(exchange server IP)  but came from somewhere else
Not expecting every spoofed email to be blocked, I would have expected the domains email adress to be protected from spoofing when this shows in the headers

Is there more to it than what Im thinking ?

Andib
  #2581929 9-Oct-2020 14:25
Yes and no, There are some legitimate reasons to spoof an email (marketing departments seem to love to using a 3rd party sender to bulk email but insist it comes from the corporate domain and not a sub domain). This is why DKIM / SPF / DMARC are important to prove what is genuine and what isn't.

 

I know filtering services like Office365 ATP & Mimecast both offer anti-spoofing protections that work pretty well in the situations you've described however there will always be some that fall through the cracks.

