Spam or Viruses That Seem to Originate from Clients' Organizations

June 25, 2007

One of the most common questions I get asked by clients is: "Why do I get spam or email viruses that appear to originate from inside our organization?"

Spammers and viruses are becoming ever more resourceful in trying to trick us into opening their emails. One of the simplest ways of getting you to open an email is spoofing the email addresses of users we trust. There are several ways they can get hold of users' email addresses; the question is how you stop spammers and viruses from faking addresses.

Today's anti-spam products are composed of several layers for detecting spam. One of the methods for detecting fake or spoofed emails is inbound authentication and identity verification, technically known as SIDF (the Sender ID Framework).

How Sender ID Works

  1. The sender sends an e-mail message.
  2. The recipient’s inbound e-mail server receives the message.
  3. The inbound e-mail server checks which domain claims to have sent the message and checks
    the DNS for the SPF record of that domain. The inbound server then determines if the IP address
    of the sending e-mail server matches the IP addresses that are published in the SPF record.
    E-mail messages that fail may be deleted, blocked, or sent to the Junk e-mail folder.
  4. As a recommended option, the Sender ID result can be combined with reputation data about the
    IP/domain holder. This reputation data enhances delivery decisions for all e-mail, including
    messages sent from both legitimate senders and spammers which may pass the Sender ID check.
  5. When combined with the receiving network’s anti-spam and anti-phishing technologies, the
    e-mail may be delivered to the Inbox, the Junk or Quarantine folders, or may be blocked and deleted.

The question is, why are fake emails still getting through?
Many small businesses do not know about this extra layer of security or still have not implemented it. Until a majority of businesses implement SPF on their domains, we will continue to receive fake emails. Alternatively, we could opt to block all emails from domains that have not implemented it, but this solution is risky, as businesses could lose important emails from potential clients.