How to block or minimize the email spoofing from the internal or accepted domain? (Network Steve Forum)

How to block or minimize the email spoofing from the internal or accepted domain?

Dear Exchange Server Expert,

We have in house mail server running Microsoft Exchange Server 2010. currently, some users are always receiving the email spoofing that come from internal domain or accepted domain in exchange. For instance, I am on test.com domain and I receive email spoofing that come from my colleague, amy@test.com domain too.

Currently we are using Symantec cloud as the anti spam server. most of the spam will be blocked but not the email spoofing that using the internal or accepted domains. I think because the content and the sender looks legitimate, that's why the Symantec cloud anti spam has bypass them.

is there any way that we can prevent or minimize this?

Thanks.

Regards,

September 2nd, 2015 1:30am

Create an SPF record for your email domain and set fail for all unknown source.

https://en.wikipedia.org/wiki/Sender_Policy_Framework

Free Windows Admin Tool Kit Click here and download it now

September 2nd, 2015 2:17am

Create an SPF record for your email domain and set fail for all unknown source.

https://en.wikipedia.org/wiki/Sender_Policy_Framework

Proposed as answer by Allen_WangJFMicrosoft contingent staff, Moderator 21 hours 59 minutes ago

September 2nd, 2015 6:15am

Create an SPF record for your email domain and set fail for all unknown source.

https://en.wikipedia.org/wiki/Sender_Policy_Framework

Proposed as answer by Allen_WangJFMicrosoft contingent staff, Moderator Friday, September 04, 2015 9:32 AM

Free Windows Admin Tool Kit Click here and download it now

September 2nd, 2015 6:15am

Create an SPF record for your email domain and set fail for all unknown source.

https://en.wikipedia.org/wiki/Sender_Policy_Framework

Hi Li Zhen,

Do you have any steps by steps instruction on how to do that?

Thanks.

September 2nd, 2015 6:15am

I don't have a step by step guide.

Free Windows Admin Tool Kit Click here and download it now

September 2nd, 2015 11:28am

Hi,

Take a look here: http://markgossa.blogspot.co.uk/2015/08/understanding-spf-records-part-1.html.

You basically need to specify all SMTP servers that will send email from your domain and configure the -all mechanism at the end of your SPF record to ensure that email is not accepted from SMTP servers that you haven't specified. Make sure you include all the SMTP servers that Symantec will use to send email on your behalf. You should be able to find a published list for other customers who are using their cloud filtering and need to set up SPF records.

Also, ensure that any secondary mail routes, DR environments, or cloud based email apps have their IPs added to your SPF record.

Let me know if this answers your question.

Thanks.

September 2nd, 2015 7:21pm

Hi,

Great advice from above.

Furthermore, we need ensure relevant PTR record for outbound mail server. To minimize of email spoof, please refer to below link in "Q. What are a set of best outbound mailing practices that will ensure that my mail is delivered? " section: https://technet.microsoft.com/en-us/library/jj937231(v=exchg.150).aspx

Free Windows Admin Tool Kit Click here and download it now

September 4th, 2015 5:44am

This topic is archived. No further replies will be accepted.