[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Help - malicious email
The 'from' address can be forged on any email with just about any email client. I would point out that every email client out there has some option somewhere where you tell it who you are (so that it can then assume that that is the proper 'from' address to drop on every email you send out). So if your concern is who the message claims to be from in that little 'From' column in the email software, no, there isn't a darn thing you can do about it. Your users are going to have to either accept the fact that the >From address may be fake or... they can grouse about it and it will still potentially be fake. That's just how it is. SMTP is a non-authenticated protocol. However, presuming the message didn't come from your server, it came from somewhere else and the where is documented in the "Received" headers. I doubt very seriously that talking to those folks is going to do much for you, but you can always blackhole the relaying mail servers' IPs (I've taken to blackholing entire Class C ranges when necessary... but needless to say I try to avoid that...) If the "Received" headers in the email that went to these third parties actually reference your server(s), you either have someone in your organization who is involved, OR (more likely) you have an open relay, which you should take immediate action to lock down. Hope this helps. -----Original Message----- From: Fang Jin [mailto:[email protected]] Sent: Thursday, April 18, 2002 12:51 AM To: [email protected] Subject: [FW-1] Help - malicious email Hello, We have received claims from other companies saying our staff is sending bulk mails to them. After investigation, we found the mail was not originated from our mail server, our staff didnot send such mail. Someone else in other bulkmail domain sent out the mail with our company email address. e.g. Other company staff received a email sender: [email protected], receipient: [email protected], But aaa didnot send out that mail. We noticed that mail originator is [email protected] instead of [email protected] What are the ways to stop such prank? Thanks in advance. Jin ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|