Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 17040 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Stop Spoofed mail from FakeMail websites

robert.micallef
Hi,

We are using Sophos UTM 9.204-20 and have the EMail Protection Module.

Mail generated using spoofing websites like from emkei.cz and deadfake.com is being allowed to pass through. I tried spoofing our own domain as well as another domain. It is always being allowed to pass through. We have everything switched on in AntiSpam (ie: RDNS, BATV, RBL, Greylisting, SPF check), and it still is being allowed to pass.

The only solution is to Blacklist the whole domain (ex: Blacklist emkei.cz), but I hardly call that a solution as I don't know every domain that can be used to spoof senders and spoofed mail can really come from anywhere.

Is there a way to block these? I would have thought that a RDNS check would have instantly blocked these, but somehow they are being allowed.


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BAlfson
    Bummer I was hoping DKIM would have worked.  Even started setting DKIM up today.

    If you are running Exchange you can remove the ms-exch-smtp-accept-authoritative-domain-sender permission from the Anonymous Logon on the Internet facing domain connector.  This looks at the FROM field.  Poke around on the Internet there are a number of articles about it.
Unfiltered HTML