Exchange 2k3 SPAM
How do you guys deal with the type of spam where the spammer forges the from field to be the same as the to field? I have this problem at two different companies and they are going to have my balls if I don't fix it soon. =(
SBS 2k3 & plain ol' Exchange 2k3
Comments
-
Claymoore Member Posts: 1,637
Does their mail server have the ability to use Sender Policy Framework (SPF) records for message filtering? You could create and publish SPF records for your domain and they could use those records to filter the spoofed emails.
http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
Sender Policy Framework - Wikipedia, the free encyclopedia
SPF: Project Overview -
paintb4707 Member Posts: 420
Email Security Software ? Antispam Software - Malware Protection ? Ninja Email Security
The best Exchange anti-spam software I ever used. We had a huge spam problem here when I first started. I tried GFI Anti-Spam beforehand for a few months. Tweak after tweak after tweak, still about 60% of the spam was getting through. I tried Sunbelt Ninja out of the box and immediately about 95% of it was gone. Sunbelt gives the end-user total control of emails that are tagged as spam by dropping it in a Quarantine folder. They also have the ability to block and allow whatever senders they choose. They claim that the anti-spam has learning capabilities too but not too sure how it works. They suggest that you run the program for a month or two before enabling it.
Very robust program. Also has individual policies, anti-virus, attachment blocking/scanning, disclaimers, etc. The reporting is great too and the support team is fantastic.
Note: I do not work for Sunbelt Software -
rsutton Member Posts: 1,029 ■■■■■□□□□□
Thanks for the responses, really helps me think this through.
One company is using Postini to filter SPAM and it is pretty good but it never seems to catch these emails. Actually have been reading up on SPF (for a totally different reason, also spam related however) and that might be what I have to do.
Thanks for the input and product recommendation! -
astorrs Member Posts: 3,139 ■■■■■■□□□□
One company is using Postini to filter SPAM and it is pretty good but it never seems to catch these emails. Actually have been reading up on SPF (for a totally different reason, also spam related however) and that might be what I have to do. !
-
rsutton Member Posts: 1,029 ■■■■■□□□□□
The user has her Postini junk mail settings configured as "aggressive" for everything. Somehow it still gets through and happens to be rather obscene content.
-
Claymoore Member Posts: 1,637
The user has her Postini junk mail settings configured as "aggressive" for everything. Somehow it still gets through and happens to be rather obscene content.
They have probably whitelisted your domain name to make sure that all your email goes through. They could try removing the domain whitelist and use your mail server IP address in the whitelist, or they could remove both and rely on SPF records. Since you have a close working relationship with them, the IP whitelist would probably be faster.
SPF was created as a reputation model to thwart this kind of spam tactic. The mail may say that it came from you, but if it didn't come from the mail servers listed in your SPF records then it is spam. Works much better than reverse DNS lookups for the mail servers, something that doesn't work at all in 2003. You can configure DNS lookups on 2003, but all it does is add overhead without ever blocking a message. -
itdaddy Member Posts: 2,089 ■■■■□□□□□□
We use Mailmarshal. It will cost you some money: 3-4 grand!
You can use IMF, which comes with Exchange 2003 (or as a download, I should say), but it is not that great of a spam catcher.
As far as the spoofing of your TO address, SPF records will help, but unfortunately not all mail/DNS servers use this technology. I get some of that at home, but I would keep looking... They are spoofing your address, that is the issue. Try blacklist providers, they help as well. -
itdaddy Member Posts: 2,089 ■■■■□□□□□□
rsutton
Emails are checked against DNS servers. DNS servers house SPF records, which are the authority to send email from a server... These records list IP addresses or DNS names, authoritative email servers that can spoof/send email from...
Emails are checked against the SPF record to make sure so-and-so server can send email from it, and of course you have to set up email servers to accept email from as well.
But not everyone uses this SPF technology. Not sure why, but they should.
It is good you are getting some advice. Mailmarshal is excellent and way easy to use but very powerful... I would go with software you can do as a trial, and where the techs help set it up on your network as well, with you watching of course, through something like a WebEx session. But do the trials for like 60 days; that way you can see what it can do. We did that with Mailmarshal and they gave us a 60-day trial and helped set it up on our network. After 30 days we loved it... great tech support and all. These are key.
Also, you can try and have your email go to a proxy email server, much like a front-end server, where the email is screened before it hits your email server (back end).
Our front-end email servers at an ISP spam-tag emails with a scale rating, and Mailmarshal has the ability to screen the header files of the emails and read the spam tags. We have it store for 30 days any spam tag 5 or greater to a folder, where we check if people complain about not getting their emails. I just check the spam catcher folder and bam, there it is... Mailmarshal rocks... that Ninja program looks good too!
-
blargoe Member Posts: 4,174 ■■■■■■■■■□
SPF will help you a lot.
For a managed solution, we are using MS Forefront Online Security. They charge a subscription rate per mailbox per month (varies depending on how many users), and you really don't have to manage it at all.
We get virtually zero spoofed emails and spam of any kind (other than the kind people sign up for and forget/didn't realize they signed up for it) is almost non-existent. 99% of all email destined for our domains are spam messages, and Forefront Online does as good or better than any solution I've ever used in the past.
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...