Is it possible to stop Spoofed Email (SPAM) using Symantec Mail Security for Microsoft Exchange?

Article:TECH91486  |  Created: 2008-01-18  |  Updated: 2014-05-21  |  Article URL http://www.symantec.com/docs/TECH91486
Article Type
Technical Solution

Product(s)

Issue



You see spam messages that appear to be coming from your own domain (spoofed mail). You would like to know how these spoofed messages can be prevented.

Symptoms
Spam messages are going through undetected. These spam messages pretend to be coming from your own domain (i.e., spoofed mail).
Example: abc@test.com receives a spam mail from abc@test.com 
 


Error



N/A
 


Environment



Information Foundation Symantec Mail Security for MS Exchange 6.x
 


Cause



This is occuring because the Exchange server does not have the correct security configuration and is not protected correctly by a security device on the gateway level. Now Spammers have found existing email addresses in your domain and are targeting specifically these email addresses.

 


Solution



It is not possible to stop Spoofed spam using Symantec Mail Security for Microsoft Exchange. However there are a number of things to consider regarding how to stop these on your Exchange server and in your environment.

In Symantec Mail Security

1. Ensure your own domain has not been added to the Sender White List:
In the SMSMSE Console, go to Policies > Antispam > Blacklist and Whitelist.
In the "Allowed Senders" box, verify the list and make sure that your own domain is NOT listed.
In the "Unfiltered Recipients List" box verify the list and make sure that the email addresses that are receiving spoofed messages and spam are NOT listed.
If you have made changes, be sure to click the Deploy Changes button to save.

2. Ensure all reputation services are enabled
In the SMSMSE Console, go to Policies > Antispam > Premium AntiSpam Settings.
Under "Reputation Services" verify that all items are selected

 

In Exchange 2003

1. Ensure your Exchange server is not an SMTP open relay:
http://support.microsoft.com/kb/324958

2. Implement Sender ID filtering on the Exchange:
http://www.msexchange.org/tutorials/Configuring-enabling-Sender-ID-filtering-Exchange-2003-SP2.html

In Exchange 2007 and Exchange 2010

1. Removing the sender permission for anonymous senders:
http://exchangepedia.com/blog/2008/09/how-to-prevent-annoying-spam-from-your.html

2. Fighting Spam and Phishing with Sender ID
http://technet.microsoft.com/en-us/magazine/cc160870.aspx 

 
Other options to consider in your environment

1. Implement SPF records on the DNS server:
http://support.microsoft.com/kb/912716

2. Submit/Email the spam messages to Symantec Security Response (SSR) using this procedure:
http://www.symantec.com/docs/TECH83081

3. Consider Gateway Security Appliances such as Symantec Messaging Gateway.
Gateway security product are more capable of handling Spoofed spam attacks.

  


References
FAQ: Spoof email




Legacy ID



2008121815234654


Article URL http://www.symantec.com/docs/TECH91486


Terms of use for this information are found in Legal Notices