Email address spoofing

Maxime Gaudreault mgaudreault at
Thu Oct 2 17:59:58 IST 2008

1. I already use SPF for some domains, not all

2. My mail server already uses authentication. But my customers uses
their ISP's mail server... not mine.

3. I'm not sure I understand but if they don't use my outgoing server, I
can't signs the emails..


-----Original Message-----
From: mailscanner-bounces at
[mailto:mailscanner-bounces at] On Behalf Of Alex
Neuman van der Hans
Sent: 2 octobre 2008 12:23
To: MailScanner discussion
Subject: Re: Email address spoofing

Short answer: NO. You can't stop people from *trying* to spoof you.

Long answer: You need to discourage people from spoofing you, and to  
discourage others from accepting spoofed messages.

To do this, you need to do three things:

1. Let the world know that messages from you should only come from a  
certain set of IP addresses. See for more info.
2. Force the use of authentication in order to use your mail servers  
as a gateway. You don't want your own computers to "spoof" you when  
infected by trojans and such.
3. Use a milter such as milter-null, which signs each outgoing  
message, so that bounces that did not originate from your server are  
not received. Leverage this with MailScanner's "Watermark" feature so  
that your server doesn't accept or deliver spoofed messages.

On Oct 2, 2008, at 11:06 AM, Maxime Gaudreault wrote:

> Is there anything to do against email address spoofing ?

MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website! 

More information about the MailScanner mailing list