New to Exchange, Question about SPF

[madlife]

I am new to Exchange and recently had a situation where I need some help. Basically someone is sending out spam mail using one our out people's email account. I found this out because he is getting a mass of Undeliverable replies.

Anyways, Mailessentials SPF filter checks the XXXXX@domain.com to make sure it came from an e-mail sever within domain.com.

How do we protect ourselves so that others can use SPF to make sure email they get is really from us?

Windows 2000 server, exchange 2000, and GFI mailessentials 12

Thank you

 

[Davetoo]

Nothing you can do about someone spoofing an email address within your company.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[madlife]

Thanks... Its not totally within our company, they are using our e-mail address and send to other domains which are not valid e-mail accounts, so of course all of the undeliverable messages come back to our guy.


For now I am filtering out the undeliveralbe message to another folder.

 

[Davetoo]

Sorry I wasn't clear. There's nothing you can do about anyone, inside or outside of your company, from spoofing an email address of someone within your company.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[madlife]

YAY! :/ I had a feeling that was the case. Looks like the best I can do is filter out the undeliverable so his mailbox isnt bombarded with them all day.


Thanks for the speedy repsone!

 

[Zelandakh]

Sorry to disagree but the SPF can be used to do what you want.

Set up an SPF record on your public DNS that lists your mail servers (you can get the SPF to reference your MX records of your DNS entry). Then have GFi delete emails of SPF fail only. That will catch your own domain and any others where it hard fails.

 

[Davetoo]

How so? Anyone can send an email and make it look like it's coming from someone else. So even if you run this SPF on your systems, it's not going to prevent other domains from receiving the spoofed emails.

Sure, you may be able to prevent them from coming into your mail server, the failed returns that is, but you're not going to be able to prevent the spoofing from getting to other email servers.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[Davetoo]

From GFI's site:

SPF requires that the sender's company has published its mail server in an SPF record. When receiving a message from a domain, GFI MailEssentials checks those records to make sure the mail is coming from where it says it is. For example, if an email is sent from xyz@CompanyABC.com, then companyABC.com must publish an SPF record in order for SPF to be able to determine if the email was really sent from the companyABC.com network, or whether it was spoofed. If an SPF record is not published by CompanyABC.com, the SPF result will register as ‘unknown’. SPF is rapidly gaining ground and major sites have committed to the project. More information can be found on

http://spf.pobox.com.

So unless all companies have SPF records, which they don't, then this tool will do nothing to prevent other companies, which don't utilize SPF, from receiving forged emails.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[Zelandakh]

Yeah but OP asked if SPF can be used so that others...and yes SPF can be implemented but as you say the other company needs to do SPF checking.

 

[Davetoo]

Ah, yes, sorry, you are correct, my apologies.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[Zelandakh]

No apology necessary Dave, you've corrected me enough times!