Question:
How can you stop email spoofing on a network?
SigEpShawn
2009-03-18 17:06:54 UTC
I am running exchange server 2007 with the anti spam protection on. Also am running our email through a barracuda firewall. I am still getting spoof emails through (emails that say the senders address is the same as the recievers). Barracuda has not helped much in helping. Has anyone else figured out how to stop these?
Four answers:
2009-03-18 17:54:31 UTC
I was having the same issue here is what I configured my Anti-Spam agent settings to on exchange. Depending on your deployment you will configure this on your internal Hub Transport server or your external Edge Transport server.



You will need to open the EMC and expand Organization Configuration select Hub Transport and then the Anti-Spam Tab.



The setting that you want to check is under Sender Reputation. Select the Sender confidence check that box and then select the Action tab. I have this set at 7.



I also have the following setup for the rest of the agents.



Content Filtering-

Action tab- Reject SCL = or greater than 7. This is high but I will show you a way to set the global junk email SCL lower that way the users will get the emails to their Junk email folder and if they are valid emails they can keep them.



Set up IP allow list Providers and Block list providers. These are helpful.



Recipient Filtering-

Blocked Recipients- Check the first box.



Sender Filtering-

Action Tab- Reject Message



Sender ID-

Action Tab- This is up to you. I have it set to Stamp message.



To set the Organization junk threshold. This command will show you the current level is.



Open the Exchange Management Shell. Input Get-OrganizationConfig You will see this heading midway down SCLJunkThreshold and the current value. I have this set to 4. The default is 8. To change the value enter set-OrganizationConfig -SCLJunkThreshold and the value.



Be advised that this can be overridden in Outlook by a user. Most users will not be able to make the changes but some may. Users that are getting hit really hard can up their Junk E-mail options to High. The default is low.



Hope this helps.
Joshaven Potter
2009-03-18 17:36:04 UTC
Understanding what happens with an email is very helpful to the answer your looking for. In short you could have some service check if the email is logical but the problem is that your system has a very hard time knowing that your not sending a message to your self because that is a valid operation. You could block messages to yourself.



What is happening is that the user is using an SMTP server somewhere to send a message to you... it connects to your exchange server and says... do you receive messages from blah@me.com and it says... why yes I do... then it says I have one over here that's for you, here you go.



If you were sending from a computer that used that SMTP server to send outgoing messages then this message would be legit but how does your SMTP server know that your not using that SMTP server to relay your message?
PC_Tech84
2009-03-18 17:19:29 UTC
Barracuda network settings can "ban" IP addresses and/or ranges.Also countries.Even when emails are "spoofed" they still have an originating IP and that's the only way to do it.
roxie
2016-05-23 05:45:38 UTC
I think you can report the emails directly to your mail carrier as malicious spam or something. There is no good way to get them to stop other than to be careful who you give your email address to. Do you have a good anti-virus installed? People may be stealing your personal information because it does happen and has happened to me before.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...