Email address spoofing
Maxime Gaudreault
mgaudreault at reference.qc.ca
Thu Oct 2 17:59:58 IST 2008
1. I already use SPF for some domains, not all
2. My mail server already uses authentication. But my customers uses
their ISP's mail server... not mine.
3. I'm not sure I understand but if they don't use my outgoing server, I
can't signs the emails..
Max
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
Neuman van der Hans
Sent: 2 octobre 2008 12:23
To: MailScanner discussion
Subject: Re: Email address spoofing
Short answer: NO. You can't stop people from *trying* to spoof you.
Long answer: You need to discourage people from spoofing you, and to
discourage others from accepting spoofed messages.
To do this, you need to do three things:
1. Let the world know that messages from you should only come from a
certain set of IP addresses. See http://openspf.org/ for more info.
2. Force the use of authentication in order to use your mail servers
as a gateway. You don't want your own computers to "spoof" you when
infected by trojans and such.
3. Use a milter such as milter-null, which signs each outgoing
message, so that bounces that did not originate from your server are
not received. Leverage this with MailScanner's "Watermark" feature so
that your server doesn't accept or deliver spoofed messages.
On Oct 2, 2008, at 11:06 AM, Maxime Gaudreault wrote:
> Is there anything to do against email address spoofing ?
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list