Email address spoofing
Alex Neuman van der Hans
alex at rtpty.com
Thu Oct 2 17:23:20 IST 2008
Short answer: NO. You can't stop people from *trying* to spoof you.
Long answer: You need to discourage people from spoofing you, and to
discourage others from accepting spoofed messages.
To do this, you need to do three things:
1. Let the world know that messages from you should only come from a
certain set of IP addresses. See http://openspf.org/ for more info.
2. Force the use of authentication in order to use your mail servers
as a gateway. You don't want your own computers to "spoof" you when
infected by trojans and such.
3. Use a milter such as milter-null, which signs each outgoing
message, so that bounces that did not originate from your server are
not received. Leverage this with MailScanner's "Watermark" feature so
that your server doesn't accept or deliver spoofed messages.
On Oct 2, 2008, at 11:06 AM, Maxime Gaudreault wrote:
> Is there anything to do against email address spoofing ?
More information about the MailScanner
mailing list