How to block messages coming from your own domain (spoofed)

Article:TECH90926  |  Created: 2008-01-17  |  Updated: 2013-06-13  |  Article URL http://www.symantec.com/docs/TECH90926
Article Type
Technical Solution


Issue



Best practices to block emails claiming to come from your own domain after being spoofed.


Cause



One of the limitations of the original SMTP protocol is the lack of sender authentication capabilities. This is one of the enablers of spam messages and allows the sender to spoof any email address, including your own domain.


Solution



Several options exist when configuring your Symantec Messaging Gateway (SMG) appliance:

  • Add your own domain to the list of Blocked Senders (domain-based)
    If your domain environment was designed such as no emails from your local domain should be coming inbound, you can safely reject emails claiming to come from your domain inbound.

 

  • Create a sender policy framework (SPF) record for the IP addresses within your domain and enable authentication via SPF records for your own domain
    This is a good option if messages from your own domain come from IP addresses other than the ones you manage and you know which IP addresses these are.
    To do this, first be sure that the SPF records for these IP addresses have been properly configured by your domain's DNS administrator. Then you can enable SPF checking for your domain.

 

  • Create a compliance rule to reject sender's envelope address containing your domain address
    If your domain environment was designed such as no emails from your local domain should be coming inbound, you can safely reject emails claiming to come from your domain inbound.

     



 




Legacy ID



2008111714541154


Article URL http://www.symantec.com/docs/TECH90926


Terms of use for this information are found in Legal Notices