Home page logo
/

basics logo Security Basics mailing list archives

RE: Protection against fake mails
From: "Jens C. Laundrup" <laundrup () verizon net>
Date: Thu, 10 Apr 2008 10:14:23 -0700

You can also look at such technologies as SenderID which is supposed to help
guard against spoofing trusted domain names 

-----Original Message-----
From: securityfocus2 () googlegroups com
[mailto:securityfocus2 () googlegroups com] On Behalf Of Mark Owen
Sent: Wednesday, 09 April, 2008 12:22
To: WALI
Cc: security-basics () securityfocus com
Subject: Re: Protection against fake mails


On Wed, Apr 9, 2008 at 12:37 PM, WALI <hkhasgiwale () gmail com> wrote:
 How do I guard against such emails originating from fake email 
impersonations. Is there something I can do at our email gateway, 
proxy or exchange sever (2003) levels?


Basic protection is to only allow e-mail originating from your domain name
to be allowed from a specific set of trusted mail servers.  This will
protect you internally from fake e-mails spoofing your domain but will not
block other spoofed domains.  Spoofed e-mails from other domains may be
blocked by relying on reverse DNS lookup and comparing the resultant domain
with that of the one specified in the e-mail, but this will also block
misconfigured servers and some sites on shared hosting.  Long answer short,
if you don't want to miss any e-mails then theres really not much you can
do.

What you can do to prove that your domain is not spoofed is to enable
DomainKeys[1] on your server.  If everyone did this then blocking fake
e-mails would be possible.

Hope this helps.



[1] http://en.wikipedia.org/wiki/DomainKeys




--
Mark Owen


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault