Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange and Reverse DNS

Status
Not open for further replies.

bigjrocksit

IS-IT--Management
Feb 15, 2008
28
US
I have a question about something weird that was recently brought to my attention and I'm not able to find any information on the issue. Hopefully someone can help.

We have an account with Google Analytics that allows us to have reports emailed to us from the Analytics website. The emails come through just fine, but the problem is that the sender's email address that the reports come from shows to be an address of an internal user.

My question is this: How is this email able to be sent from Google to any internal user with the email address of this internal user? Even though the email address is listed as the "contact" email address on the Analytics website, there is no authentication information listed and to me this looks like we are wide open to spoofing.

I've emailed Google and their response was as follows: "Please note that what you see in the 'From'
address field is the display email address. Note that the emails are being sent from Google Analytics, however, the from address is marked as 'xxxxxx@xxxxx.com' to avoid the email being marked as spam. You can confirm this information by viewing the Header information for an emailed report."

I've viewed the header information and it only shows that it came from the internal email address. Shouldn't Exchange catch this as a spoofed address and block the email?

I'm really confused on this one. Any help is appreciated.

TIA- J
 
That's easy. There is no authentication for SMTP by default. I can telnet to an email server and send mail as anyone all day long.

It's an interesting approach they have to get around the messages being marked as spam. But a growing trend is to not allow inbound email that says it's from an internal address (why would an internal address be sending email from outside, to an internal address?). So their method would get caught if you were so configured.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Thanks for the help- makes perfect sense now. I'm new to Exchange, but I'm learning a little more with every issue I run into like this.

What's the best method to lock this down? I've looked at some MS documents and it doesn't look like a terribly easy thing to do.

-J
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top