Is it possible to stop spoofed spam email using Symantec Mail Security for Microsoft Exchange?

Article:TECH91486  |  Created: 2008-01-18  |  Updated: 2014-07-10  |  Article URL http://www.symantec.com/docs/TECH91486
Article Type
Technical Solution


Issue



You see spam messages that appear to be coming from your own domain (spoofed spam email). You want to know how these spoofed messages can be prevented.

Symptoms
Spam messages are going through undetected. These spam messages pretend to be coming from your own domain (i.e., spoofed mail).
Example: abc@test.com receives a spam mail from abc@test.com 
 


Cause



This is occuring because the Exchange server does not have the correct security configuration and is not protected correctly by a security device on the gateway level. Spammers have found existing email addresses in your domain and are targeting these email addresses.


Solution



It is not possible to stop spoofed spam email using Symantec Mail Security for Microsoft Exchange. However there are a number of things to consider regarding how to stop these on your Exchange server and in your environment.

In Symantec Mail Security
• Ensure your own domain has not been added to the Sender White List:
In the SMSMSE Console, go to Policies > Antispam > Blacklist and Whitelist.
In the "Allowed Senders" box, verify the list and make sure that your own domain is NOT listed.
In the "Unfiltered Recipients List" box verify the list and make sure that the email addresses that are receiving spoofed messages and spam are NOT listed.
If you have made changes, be sure to click the Deploy Changes button to save.

• Ensure all reputation services are enabled
In the SMSMSE Console, go to Policies > Antispam > Premium AntiSpam Settings.
Under "Reputation Services" verify that all items are selected

 In Exchange 2003
• Ensure your Exchange server is not an SMTP open relay:
http://support.microsoft.com/kb/324958

• Implement Sender ID filtering on the Exchange:
http://www.msexchange.org/tutorials/Configuring-enabling-Sender-ID-filtering-Exchange-2003-SP2.html

 In Exchange 2007 and Exchange 2010
• Removing the sender permission for anonymous senders:
http://exchangepedia.com/blog/2008/09/how-to-prevent-annoying-spam-from-your.html

• Fighting Spam and Phishing with Sender ID
http://technet.microsoft.com/en-us/magazine/cc160870.aspx

 Other options to consider in your environment
• Implement SPF records on the DNS server:
http://support.microsoft.com/kb/912716

• Submit/Email the spam messages to Symantec Security Response (SSR) using this procedure:
http://www.symantec.com/docs/TECH83081
• Consider Gateway Security Appliances such as Symantec Messaging Gateway. Gateway security products are more capable of handling spoofed spam attacks.




Legacy ID



2008121815234654


Article URL http://www.symantec.com/docs/TECH91486


Terms of use for this information are found in Legal Notices