
Fighting Email Spoofing


Email spoofing is the creation of email messages with a forged email address. It is possible by design: the email protocols have no mechanism for authentication, which is why all mail servers allow the FROM header to be modified.

-auth_sender someone@somemailserver.xyz
From: foo@bar.com
To: janeDoe@bar.com
Subject: Your credit statement

In the example above, the user authenticates with one account but modifies FROM so that the message looks like it originated from another location. Most ordinary users fall for such emails and end up installing malware, spyware or ransomware on their systems.

Our 24/7 Network Engineers resolved a similar issue by applying a custom patch. It handles both scenarios:

  1. If anyone tries to send an email from the server using a forged header, it rejects the mail altogether
  2. If there is an incoming mail with a forged header, it is bounced back since it did not originate from the mail server
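The two checks can be sketched as follows. This is an added example, not the custom patch described in this post; the function names, the `LOCAL_DOMAINS` set and the choice of `somemailserver.xyz` as the server's own domain are assumptions, and the sample message is constructed from the headers shown earlier.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains this mail server is responsible for.
LOCAL_DOMAINS = {"somemailserver.xyz"}

# Constructed sample, based on the forged-header example in this post.
SAMPLE = (
    "From: foo@bar.com\n"
    "To: janeDoe@bar.com\n"
    "Subject: Your credit statement\n"
    "\n"
    "body\n"
)

def from_addresses(raw_message):
    """Return every lowercased address found in the From header(s)."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", [])
    # getaddresses separates display names from addresses, so a display
    # name that merely looks like an address is not trusted.
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def check_from(raw_message, auth_sender=None):
    """Return (accepted, reason).

    auth_sender is the authenticated account for mail submitted through
    this server, or None for unauthenticated incoming mail.
    """
    addrs = from_addresses(raw_message)
    # Zero, several, or malformed From addresses are ambiguous: reject.
    if len(addrs) != 1 or "@" not in addrs[0]:
        return False, "missing or ambiguous From header"
    from_addr = addrs[0]
    domain = from_addr.rsplit("@", 1)[1]
    if auth_sender is not None:
        # Scenario 1: an authenticated user may only send as themselves
        # (compared case-insensitively, an assumption of this sketch).
        if from_addr != auth_sender.lower():
            return False, "From does not match authenticated sender"
        return True, "ok"
    # Scenario 2: outside mail must not claim one of our own domains.
    if domain in LOCAL_DOMAINS:
        return False, "From claims a local domain but mail did not originate here"
    return True, "ok"
```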

Now, our engineers have complete peace of mind knowing that our users are protected from such email header spoofing practices.
