Posted 24 January 2018 in Blog News

Spoofed E-mail Addresses: Can I Stop Spammers from Pretending to be Me?

Image courtesy of graur codrin at FreeDigitalPhotos.net
The simple answer, I’m afraid, is no. Software that will allow spammers and cyber criminals to fake your e-mail address is easy to come by and there is no way that you can prevent them from using it. They can fake any address they choose – a well-known company, a customer of yours, or even a colleague’s.

The best thing that you can do is make it less likely that other people receive e-mails that are spoofing your e-mail address, and unlikely that any spoofed messages sent to you will land in your inbox. There are three kinds of settings that you can use on your mail server, to make it more likely that messages from anyone faking your e-mail address will be rejected by the recipients’ mailservers, and that yours will reject any fake messages that spammers send to you:

Have Sender Policy Framework (SPF) records set. These allow the sender to specify which mailservers they use to send mail. The recipients’ mailservers can check the SPF records, and if the e-mail fails the check, they can choose whether to reject it or not.

Use DKIM (DomainKeys Identified Mail) to attach a digital signature to your messages, which gives recipient servers a method of checking whether they really have come from where they appear to have come from.

Use DMARC in conjunction with DKIM and SPF records. Recipient mailservers often allow mail that fails SPF record checks into the receiver’s inbox regardless, because they are set up with relaxed rules to avoid important messages being blocked accidentally. DMARC (Domain-based Message Authentication, Reporting and Conformance) works in conjunction with SPF and DKIM by telling receiving servers how to deal with potentially fake e-mails, and where they can send a report about any messages that fail.

The success of all of these methods does depend on how the recipient mailserver has been configured. If it has not been configured to check SPF records or DKIM, all your best efforts to stop fake e-mails that appear to come from you being received will be in vain. Likewise, it is important to make sure that your own mail servers have been configured to the most secure standards, to reduce the chances of you receiving faked e-mails that appear to have been sent by friends or colleagues.
Want to know more? Contact us for help with e-mail security.
