Is it possible to stop Spoofed Email (SPAM) using Symantec Mail Security for Microsoft Exchange?
|Article:TECH91486|||||Created: 2008-01-18|||||Updated: 2011-12-01|||||Article URL http://www.symantec.com/docs/TECH91486|
You see spam messages that appear to be coming from your own domain (spoofed mail). You would like to know how these spoofed messages can be prevented.
Spam messages are going through undetected. These spam messages pretend to be coming from your own domain (i.e., spoofed mail).
Example: firstname.lastname@example.org receives a spam mail from email@example.com
Information Foundation Symantec Mail Security for MS Exchange 6.x
This is occuring because the Exchange server does not have the correct security configuration and is not protected correctly by a security device on the gateway level. Now Spammers have found existing email addresses in your domain and are targeting specifically these email addresses.
It is not possible to stop Spoofed spam using Symantec Mail Security for Microsoft Exchange. However there are a number of things to consider regarding how to stop these on your Exchange server and in your environment.
In Symantec Mail Security
1. Ensure your own domain has not been added to the Sender White List:
In the SMSMSE Console, go to Policies > Antispam > Blacklist and Whitelist.
In the "Allowed Senders" box, verify the list and make sure that your own domain is NOT listed.
In the "Unfiltered Recipients List" box verify the list and make sure that the email addresses that are receiving spoofed messages and spam are NOT listed.
If you have made changes, be sure to click the Deploy Changes button to save.
2. Ensure all reputation services are enabled
In the SMSMSE Console, go to Policies > Antispam > Premium AntiSpam Settings.
Under "Reputation Services" verify that all items are selected
In Exchange 2003
1. Ensure your Exchange server is not an SMTP open relay:
2. Implement Sender ID filtering on the Exchange:
In Exchange 2007 and Exchange 2010
1. Removing the sender permission for anonymous senders:
2. Fighting Spam and Phishing with Sender ID
Other options to consider in your environment
1. Implement SPF records on the DNS server:
2. Submit/Email the spam messages to Symantec Security Response (SSR) using this procedure:
3. Consider Gateway Security Appliances such as Symantec Messaging Gateway.
Gateway security product are more capable of handling Spoofed spam attacks.
FAQ: Spoof email
Article URL http://www.symantec.com/docs/TECH91486