How do I block spoofed emails?
Posted by Dayan D. Jeremiah, Last modified by Dayan D. Jeremiah on 25 February 2022 06:02 PM
|
|
Spambots and spammers often use a technique where the SMTP FROM: in the message header is different from the MAIL FROM to mask the spoofed messages. The example below shows a typical spoofed SMTP session; 220 127.0.0.1 ESMTP IceWarp 10.4.5; Thu, 04 Apr 2013 09:59:04 +0200 The email above would most likely be accepted by your server and will appear in the InBox as coming from "user@yourdomain.com" when in fact the mail was sent by spammer@domain.com . STOPPING SPOOFED EMAILS USING AN ANTI-SPAM DEPENDENT CONTENT FILTER The most effective and efficient way to stop spoofed emails is to create an anti-spam dependent content filter in Mail > Security > Rules > Content Filters . WHAT IF I DON'T HAVE ANTI-SPAM? If you do not use the Anti-Spam engine you can still create a spoof filter but it will not be as accurate as compared to using it with the Anti-Spam engine because in some instances valid senders mostly newsletters will intentionally spoof their MAIL FROM and FROM. The filter below will block any spoofed email detected; ! Where Session is trusted | |
|