Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


1101

2316 posts

Uber Geek


#277351 9-Oct-2020 14:13
Send private message quote this post

Hi . A general question about spam filtering services

 

spoofed emails : is it too much too expect spoofed emails to be blocked by profession spam blocking systems/services ?
Specifically emails spoofed to look like they came from within the companies domain

 

eg
email spoofed to look like it came from within the company
From in outlook show as from (say) theboss@company.co.nz
Headers : from shows 'theboss@company.co.nz' , but ACTUAL sender in the headers shows (say) mrhacker@clickmeplease.com

Ignoring spf filtering ....
can/should a spam filter detect spoofed emails pretending to be from the domain(exchange server IP)  but came from somewhere else
Not expecting every spoofed email to be blocked, I would have expected the domains email adress to be protected from spoofing when this shows in the headers

Is there more to it than what Im thinking ?


Create new topic
Andib
1122 posts

Uber Geek

Trusted

  #2581929 9-Oct-2020 14:25
Send private message quote this post

Yes and no, There are some legitimate reasons to spoof an email (marketing departments seem to love to using a 3rd party sender to bulk email but insist it comes from the corporate domain and not a sub domain). This is why DKIM / SPF / DMARC are important to prove what is genuine and what isn't.

 

I know filtering services like Office365 ATP & Mimecast both offer anti-spoofing protections that work pretty well in the situations you've described however there will always be some that fall through the cracks.


K8Toledo
282 posts

Ultimate Geek

Subscriber

  #2581963 9-Oct-2020 15:34
Send private message quote this post

Who is your email provider?


 
 
 
 


BlakJak
794 posts

Ultimate Geek

Trusted

  #2582144 9-Oct-2020 22:19
Send private message quote this post

1101:

Hi . A general question about spam filtering services

 

spoofed emails : is it too much too expect spoofed emails to be blocked by profession spam blocking systems/services ?
Specifically emails spoofed to look like they came from within the companies domain

 

eg
email spoofed to look like it came from within the company
From in outlook show as from (say) theboss@company.co.nz
Headers : from shows 'theboss@company.co.nz' , but ACTUAL sender in the headers shows (say) mrhacker@clickmeplease.com

Ignoring spf filtering ....
can/should a spam filter detect spoofed emails pretending to be from the domain(exchange server IP)  but came from somewhere else
Not expecting every spoofed email to be blocked, I would have expected the domains email adress to be protected from spoofing when this shows in the headers

Is there more to it than what Im thinking ?

 

 

Remember that SPF is only enforced on the envelope, that is, the details exchanged during the SMTP transaction. The details that appear in the headers can (and are) be engineered to differ from the envelope.

 

 

The Envelope consists of the input for the MAIL FROM: SMTP command, which is usually the sender email address, and the RCPT TO: instruction, which is the list of all the relevant recipients for that server.

 

This is how BCC works - RCPT TO specifies the recipient, but the recipient's email address otherwise appears nowhere in the message (ala the headers), except where added by the recipients own mail platform.

 

 

So SPF alone - assuming the domain being forged actually publishes an SPF record that also includes a hardfail instruction - won't protect you if they engineer the envelope differention during transmission.

 

 

Agree with the assertion that DKIM and DMARC are worthy additions that'll help.

 

 

But at the end of the day spammers find that even where the sender address isn't forged, people will fall for things, so this is only incremental in value.

 

One tip: Outlook will show the sender email address, in addition to the name, if the email comes from outside.

 





No signature to see here, move along...

Create new topic





News »

Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32


NordVPN starts deploying colocated servers
Posted 7-Oct-2020 09:00


Google introduces Nest Wifi routers in New Zealand
Posted 7-Oct-2020 05:00


Orcon to bundle Google Nest Wifi router with new accounts
Posted 7-Oct-2020 05:00


Epay and Centrapay partner to create digital gift cards
Posted 2-Oct-2020 17:34


Inseego launches 5G MiFi M2000 mobile hotspot
Posted 2-Oct-2020 14:53









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.