0

One of our client servers is receiving huge amounts of email bouncebacks from what is most likely a spoofed account spamming. Is there a way to try and prevent spoofing? I know it is hard to spoof a gmail account; why?

easyegoism
  • Most likely? Have you checked the logs and the queues of your client's server to confirm it isn't actually sending out the spam? – DKNUCKLES Dec 11 '12 at 14:58
  • We see a lot of spoofed emails showing a gmail.com sender but the mail server is spammy, e.g. .live or .website addresses. I have added DMARC into spamassassin using https://serverfault.com/questions/1023202/spamassassin-local-cf-dmarc-configuration-recognizes-reject-and-none-but-not-qu We also have SPF in the spamassassin config but gmail's is for softfail :/ We could prevent a lot of spam if google would ramp up their DMARC settings. – Nik Dow Feb 21 '21 at 22:45

2 Answers

3

Yes, one of the most widely used methods is SPF.

Basically, in DNS you then publish the mail servers allowed to send out mail for the domain. Regular spam filters will trigger on this and raise the spam level if they encounter spoofed sender addresses in mail. It will not prevent the spammers from sending it, but it makes you a less attractive target for them.

An additional option is using DKIM to cryptographically verify that the mail server delivering the message is actually approved by the domain administrator.

Large domains such as GMail have implemented both. Therefore, it's easy to verify if a genuine Google server was delivering mail from a GMail account.

gertvdijk
2

I highly recommend implementing SPF and related policies so that you can use a strict policy.

You can also use BATV (Bounce Address Tag Verification) to sign the envelope from address on outgoing messages. My article on Signing Return Path Addresses with Exim describes how I implemented it. Once you have this running for a couple of weeks you can start identifying faked bounce messages with ease.

BillThor
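The sign-then-verify flow behind BATV, shown as an added example that is not taken from the answers above or from the Exim article they mention. It assumes a tag layout modelled on the BATV Internet-Draft's `prvs` scheme (key digit, three-digit expiry day, six hex digits of an HMAC-SHA1); the key, the lifetime and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key table (assumption); real keys stay secret and get rotated.
KEYS = {0: b"constructed-demo-secret"}
LIFETIME_DAYS = 7  # assumption: how long a signed envelope sender stays valid


def _tag(key_id, day, address):
    """First three bytes (hex) of HMAC-SHA1 over key id, expiry day and address."""
    msg = f"{key_id}{day:03d}{address.lower()}".encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha1).hexdigest()[:6]


def sign_return_path(address, today, key_id=0):
    """Outgoing mail: local@domain -> prvs=KDDDSSSSSS=local@domain.

    `today` is the current day number, e.g. int(time.time() // 86400).
    """
    day = (today + LIFETIME_DAYS) % 1000
    return f"prvs={key_id}{day:03d}{_tag(key_id, day, address)}={address}"


def verify_bounce_recipient(rcpt, today):
    """Incoming bounce: return the original address if the tag is valid, else None."""
    parts = rcpt.split("=", 2)
    if len(parts) != 3 or parts[0].lower() != "prvs":
        return None  # untagged recipient: no mail of ours used this envelope sender
    tagval, address = parts[1], parts[2]
    if len(tagval) != 10 or not tagval[:4].isdigit():
        return None
    key_id, day, sig = int(tagval[0]), int(tagval[1:4]), tagval[4:]
    if key_id not in KEYS:
        return None
    # Only three digits of the day are stored, so compare modulo 1000.
    if (day - today) % 1000 > LIFETIME_DAYS:
        return None  # tag expired: stale or replayed bounce
    expected = _tag(key_id, day, address).encode()
    if not hmac.compare_digest(sig.lower().encode(), expected):
        return None  # forged or altered tag
    return address


if __name__ == "__main__":
    signed = sign_return_path("alice@example.com", today=19700)
    print(signed)
    print(verify_bounce_recipient(signed, today=19703))               # accepted
    print(verify_bounce_recipient("alice@example.com", today=19703))  # rejected
```

Bounces (messages with an empty envelope sender) addressed to an untagged or invalid recipient can then be rejected at SMTP time, which is what separates backscatter from bounces to mail the server really sent.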