Exchange Server Forums

Am I being spoofed?

Am I being spoofed? - 14.Apr.2003 10:25:00 PM   
clynn

 

Posts: 30
Joined: 19.Feb.2001
From: Farmington Hills, MI
Status: offline
---In this post, I will refer to the domain of my exchange server as MyDomain.com---

I have an Exchange 2000 Server behind an ISA Server. I have run through all the drills for Open relaying (i.e. ORDB.org, the abundant tutorials, and the Telnet test), my server is secure.

I recently installed Mail Essentials (COOL PROGRAM!), and have been happy with the filtering of SPAM that it does. I have noticed though, a couple messages it has intercepted seemed to come from MyDomain.com. How is this so?

Today I received a message from the Admin of another domain. He says the email users at his facility have been receiving SPAM from MyDomain.com. The addresses that the SPAM appears to be coming from are like: 31387@MyDomain.com and 204@MyDomain.com. The Admin of the offended domain said that someone may be spoofing my address. Is this spoofing preventable, could my E2K be compromised?

Looking for insight.
Thanks,
Chris
Post #: 1
RE: Am I being spoofed? - 15.Apr.2003 3:16:00 PM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
It is very easy to spoof email addresses, basically it's like sending someone a postcard, you can write *any* name as sender! I can even send an email to you with your own email address as "from"! There's really no way to prevent this from happening (again, the postcard analogy, anyone can send a postcard to you and sign it with your name).

To make sure that no spammer is using your mail server despite your efforts to close relaying, have the administrator of the offended domain forward full headers of a spam message. The headers will show which email servers the message has passed through (like the poststamp on a postcard will tell you where it was mailed). If your server is not listed then you are safe, otherwise you're the bad guy [Smile]

// Johan

(in reply to clynn)
Post #: 2
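
The header check described in the post above, as an added Python example that is not part of the thread: it reads the `Received` lines of a constructed message and reports the IP that the recipient's own border server recorded, since lines below that hand-off are written by the sending side and can name any host. The hostnames, IPs and function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample as stored by the complaining domain. All hosts and IPs
# are invented; only the From address pattern is taken from the thread.
SAMPLE = """\
Received: from mx1.offended.example (mx1.offended.example [192.0.2.10])
\tby mailstore.offended.example with ESMTP id A1; Mon, 14 Apr 2003 09:02:11 -0400
Received: from mail.mydomain.example (unknown [198.51.100.77])
\tby mx1.offended.example with SMTP id B2; Mon, 14 Apr 2003 09:02:09 -0400
Received: from mail.mydomain.example ([203.0.113.25])
\tby relay.invalid with SMTP id C3; Mon, 14 Apr 2003 08:59:00 -0400
From: 31387@MyDomain.com
To: user@offended.example
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) ... by <host>", the common Received layout.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]()]*?)\s*"
                 r"\[(?P<ip>[0-9a-fA-F.:]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def hops(raw):
    """Parse Received headers, newest first, into helo/ip/by dicts."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append({"helo": m["helo"], "ip": m["ip"], "by": m["by"].lower()})
    return found

def handoff(raw, trusted_by):
    """Return the oldest hop in the unbroken run stamped by the recipient's servers."""
    trusted = {h.lower() for h in trusted_by}
    border = None
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break  # lines from here down were supplied by the sending side
        border = hop
    return border

def came_from(raw, trusted_by, my_ips):
    """True/False if the recorded connecting IP is one of mine; None if unknown."""
    border = handoff(raw, trusted_by)
    return None if border is None else border["ip"] in my_ips
```

In the sample, the sender's HELO name and the oldest `Received` line both name mail.mydomain.example, yet `came_from` returns `False` for 203.0.113.25 because the recipient's server recorded a different connecting address.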
RE: Am I being spoofed? - 17.Apr.2003 5:01:00 PM   
clynn

 

Posts: 30
Joined: 19.Feb.2001
From: Farmington Hills, MI
Status: offline
It did not come from our server.

This is kind of a lame loophole for spammers. How often does a spoofing result in blacklisting?

What kind of preventative action is available?

(in reply to clynn)
Post #: 3
RE: Am I being spoofed? - 5.May.2003 11:05:00 AM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Sorry for the late reply. I don't really know how often spoofing results in blacklisting. Most serious anti-spam services always note the IP address of the spamming server, and since it was not your mail server who sent all that spam you won't be affected. On the other hand many administrators run highly customized anti-spam solutions and occasionally I've seen them add "mail from:" domain addresses on their blacklist. In such a case you would become at least locally blacklisted (i.e. can't send to that domain).

As to how to prevent this: there's really no good way to prevent this from happening at all (at least none that I know of)! Sad, but true.

(in reply to clynn)
Post #: 4
