Blocking emails that claim to come from our domain

Glenn Steen glenn.steen at GMAIL.COM
Sun Dec 4 21:33:30 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 04/12/05, Nigel kendrick <support-lists at> wrote:
> Apologies if the answer to this is staring me in the face - I have done a
> few searches but without any luck.
> We are seeing a steady stream of emails from
>[] that claim to come
> from an address in our domain (i.e.: admin at and contain
> the usual stuff about verifying passwords, mail accounts being suspended
> etc. All legitimate users have to login to send mail so what's the most
> effective and simple way to block mail from external sources that contain
> our domain name? At the moment I am just putting the subjects in a
> spamassassin rule but it's a bit of a 'blunt' way of trapping them.
> Thanks
> Nigel Kendrick
Reject at the MTA (I use Postfix, and have a nice "ati-spoof" check
that I apply on HELO and senders... All trusted clients are handled by
a permit_mynetworks, so aren't affected). If it is a single IP, then
just firewall it.

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list