Forums & Blog

A SmarterTools-sponsored community.
Welcome to Forums & Blog Sign in | Join | Help
in Search
Home Blog Forums Photos
Forums & Blog » Product Discussions » SmarterMail » DomainKey - Blocking Spoofed Sender Address Email

DomainKey - Blocking Spoofed Sender Address Email

Last post 07-01-2009 8:55 AM by ST-JLance. 4 replies.
Page 1 of 1 (5 items)
Sort Posts: Previous Next

  • 06-30-2009 11:17 AM

    DomainKey - Blocking Spoofed Sender Address Email

    Reply Contact

    I enabled DomainKey Signing,  generated a key, and set and set Signing to 'nwsf' with the idea that this would block spoofed sender address messages (where I get messages from myself when it's not really me) from entering the system.  This doesn't seem to be working fully. Are there certain situations where this will not work?

  • 06-30-2009 3:54 PM In reply to

    Re: DomainKey - Blocking Spoofed Sender Address Email

    Reply Contact

    DomainKeys does not work in this fashion. There is no punishment for a message having no domain keys signature. What you want is SPF.

    James Lance
    Senior Developer / Analyst
    SmarterTools Inc.
    (877) 357-6278
    www.smartertools.com

    SmarterMail - Windows Mail Server and Microsoft Exchange Alternative
    SmarterTrack - Help Desk, Ticket Tracking, Live Chat, WhosOn, and Knowledge Base Software
    SmarterStats - Web Log Analytics and SEO Software

  • 06-30-2009 6:23 PM In reply to

    Re: DomainKey - Blocking Spoofed Sender Address Email

    Reply Contact

     Jim,

    Thanks for your input.

    I found this in the SmaterMail Knowlege Base so I thought it would help, see third bullet:

    How To - Protecting yourself from spam sent to and from your domain

    Applies to: SmarterMail (all versions)                       

    Spammers can send email from a spoofed account using your own domain name and send it to you.  For example, a spammer can send an email from anywhere on the internet from bob@example.com to joe@example.com .  Since, mail servers see this as an inbound delivery, they do not require SMTP Authentication to deliver email in this way. 

    The best way to protect yourself from these types of Spam is to do the following:

    • Require SMTP authentication for all your domains
    • Add a SPF record for your web site in DNS (see our Online Help for information about SPF records.)
    • If you are running SmarterMail 4.x and higher, Enable / Configure / Require DomainKeys (see our Online Help).

    If setting up Domain Key Signatures doesn't help with spoofing do they serve a purpose or should I just avoid setting them up?

     

  • 06-30-2009 10:42 PM In reply to

    Re: DomainKey - Blocking Spoofed Sender Address Email

    Reply Contact

    Domain Keys help verify whether or not the mail came from the right mail server.

    Here is an example:

    I can connect to your mail server with spam or maybe an urgent message about your bank acount or etc..and for email I put accounting@bankofamerica.com ..this will come from mail server ip 123.123.123.123. Obviously that is not bank of america. By signing your mail with Domain Keys, you help reduce spam and other fraud from external mail servers.

    Think of it as an online passport for your mail server.

    By default though, you don't usually need to sign mail that came internally. It is a waist of server processing. It is like showing your own passport to yourself.

    Also, if you want to be whitelisted with Yahoo, setting up domain keys is important.

    I would also suggest settign up SPF records and enable authentication

    If you want to not get messages from yourself, enabling Authentication is probably the best option.

     

     

  • 07-01-2009 8:55 AM In reply to

    Re: DomainKey - Blocking Spoofed Sender Address Email

    Reply Contact

    As stated, DomainKeys are a way of saying "I am a legitimate email from this domain" However, the corollary is not true; a mail without DomainKeys does not indicate that it is not legitimate.

    SPF, on the other hand, works by saying "If this email didn't come from IP x.x.x.x, it is not legitimate"

    Both are useful in their own ways; SPF helps to stop spoofing, while DomainKeys helps to establish trust between mail servers.

    James Lance
    Senior Developer / Analyst
    SmarterTools Inc.
    (877) 357-6278
    www.smartertools.com

    SmarterMail - Windows Mail Server and Microsoft Exchange Alternative
    SmarterTrack - Help Desk, Ticket Tracking, Live Chat, WhosOn, and Knowledge Base Software
    SmarterStats - Web Log Analytics and SEO Software
Page 1 of 1 (5 items)
Copyright © 2002-2010 SmarterTools Inc. All Rights Reserved.