0

I've been reviewing the emails blocked by our antivirus and have seen a lot come from emile8@company.com (we don't have any users called this), with company.com being our domain. The emails all have the subject 'document request' and all, according to our antivirus, contain something (either trojan, virus, phishing, etc.).

How can I prevent our domain being spoofed in this way?

UPDATE: We are using Google Apps for Business email. We also have an old email server from before we moved to Google Apps, but the MX record is no longer pointed here. (It's just left up as a backup copy of old emails; not sure if it's even relevant, but thought I'd mention it in case it was.)

sam

2 Answers

7

You can implement DMARC (https://dmarc.org/). DMARC is a standard that allows you to specify mail servers that are valid for sending your email and contains some processes for filtering mail appropriately when it does not.

crovers
  • 1
    I see you say you use Google Apps for Business - in that case, you're in luck, Google is one of the main pushers behind DMARC and plays nicely with it. https://support.google.com/a/answer/2466580?hl=en – crovers Oct 03 '16 at 14:58
  • Are there pros/cons of DMARC over DomainKeys Identified Mail - https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail? Or is it not a clean-cut issue? – sam Oct 03 '16 at 15:18
  • 1
    DMARC is a combination of DKIM + SPF (Sender Policy Framework) plus some reporting functionality, so you see when people drop your email, etc. – crovers Oct 03 '16 at 15:44
1

In addition to DMARC, if you were running your own server, you can also implement edge checks such that incoming emails have their envelopes checked to ensure that they don't claim to be from your domain.

That kind of check has been around a lot longer than DMARC. It is simple and effective. However, it can catch out people who implement cloud-based systems that send emails that deliberately (but legitimately) pretend to be from your organisation. Then you either have to whitelist or provide an authorised private relay service.

Julian Knight
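The edge check described in the answer above, sketched as an added Python example (not code from the answer or from any mail server product). It also checks the `From:` header and subdomains, which goes beyond the envelope-only check the answer describes; the `AUTHORISED_RELAYS` allowlist, the function names and all sample addresses are constructed assumptions.

```python
import ipaddress
from email.utils import parseaddr

# Assumptions for illustration (not from the original post):
OWN_DOMAIN = "company.com"  # the domain named in the question
# Constructed allowlist of external services permitted to send as the domain.
AUTHORISED_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]


def domain_of(address):
    """Lower-cased domain of an address; '' for a null or unparsable sender."""
    _, addr = parseaddr(address or "")
    _, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep else ""


def is_own(domain):
    """True for the domain itself or any subdomain, not for lookalikes."""
    return domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN)


def edge_check(client_ip, mail_from, header_from):
    """Verdict for a message arriving from the internet at the inbound edge."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in AUTHORISED_RELAYS):
        return "accept"  # allowlisted cloud sender, legitimately uses our domain
    if is_own(domain_of(mail_from)):
        return "reject: envelope sender claims our domain"
    if is_own(domain_of(header_from)):
        return "reject: From header claims our domain"
    return "accept"


if __name__ == "__main__":
    # Constructed sample messages: (connecting IP, MAIL FROM, From: header)
    samples = [
        ("203.0.113.50", "<emile8@company.com>", "emile8@company.com"),
        ("203.0.113.50", "<bounce@mailer.example>", "Accounts <emile8@company.com>"),
        ("192.0.2.5", "<news@company.com>", "News <news@company.com>"),
        ("198.51.100.7", "<alice@partner.example>", "alice@partner.example"),
        ("198.51.100.7", "<>", "MAILER-DAEMON@partner.example"),
    ]
    for sample in samples:
        print(sample, "->", edge_check(*sample))
```

The null sender (`<>`) used by bounces has no domain and passes the envelope test, so the check does not break delivery status notifications from other domains.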