What is spoofing email addresses







    A spoofed address is one which is sent to a recipient, but is not coming from the sender shown on the sender address of the email. Some spammers try and send emails to a company making it look like the email has come from another user from the same company. Spam firewalls can easily detect this because if an internal sender was to send an email message to another internal user, the delivery of the email message is done via the local email server such as Microsoft Exchange or Domino server, and never hits the SMTP Proxy server (Spam firewall). This is because the Email proxy is configured so emails only filter through it when they are destined for the outside world or when they are destined from the outside world; internal to internal does not filter through the proxy. The only exception to this rule is when a plug-in is installed on the email server in which it captures internal email and passes it on to the gateway Proxy server for internal scanning.

    So when an email coming from the outside world to [email protected], has a sender address of [email protected], the spam firewall will know this is spoofed. If the spam firewall does not do this by default then you can usually set a rule which would say something like mail from these senders to these senders, classify as spoofed address, and quarantine them in the spoofed quarantine area. However some proxy servers have such a setting in which you can enable though blocking spoofed addresses. The setting will effectively block any emails from internal domains to internal domains.

    Ways to prevent spoofed email from external senders are to use sender authentication techniques such as SPF, Sender ID and DKIM. These different techniques would verify the sender is who they say they are.
E-Mail Security
and Spam Terminology