NTBugtraq And NTSecurity Archives: Blocking Spoofed Email

Blocking Spoofed Email


Resson (ressonALTAVISTA.NET)
Sat, 20 Nov 1999 10:45:47 +1100


Hi All,

MS KB "Q155683 - XFOR: Verification of FROM Address in SMTP Messages"
(http://support.microsoft.com/support/kb/articles/Q155/6/83.ASP) refers to the ability to set up Exchange to turf messages claiming to come from a particular email domain. This is handy as it helps prevent spoofing of internal email addresses.

According to the knowledge base you can set up the registry with the string of the site you wish to block along these lines:

someorg.somedomain.somecountry

Having tried this recently, there seems to be a problem. Namely, whilst it blocks messages claiming to originate at the above, it also blocks messages claiming to originate from

somehost.someorg.somedomain.somecountry

Many Unix hosts etc. send administrative alerts along these lines, and I don't want to throw out those messages along with ones which might genuinely be trying to spoof internal messages.

Anybody have any experience with this? Know of a fix? Spoken to Microsoft?

Cheers,
Resson.
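
The two matching behaviours contrasted in the message above, as an added example that is not part of the original post and is not Exchange's own logic. It reuses the post's placeholder domain names; the function names and sample From headers are constructed for illustration.

```python
from email.utils import parseaddr

# Placeholder domain from the post, standing in for the internal mail domain.
BLOCKED_DOMAIN = "someorg.somedomain.somecountry"


def sender_domain(from_header):
    """Return the lower-cased domain of a From header value, or None."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    # Normalise case and a fully-qualified trailing dot before comparing.
    return domain.rstrip(".").lower()


def blocked_suffix(from_header, blocked=BLOCKED_DOMAIN):
    """Behaviour observed in the post: the domain and every host under it match."""
    domain = sender_domain(from_header)
    if domain is None:
        return False
    # The leading dot keeps the match on a label boundary.
    return domain == blocked or domain.endswith("." + blocked)


def blocked_exact(from_header, blocked=BLOCKED_DOMAIN):
    """Behaviour the poster wants: only the bare domain matches."""
    return sender_domain(from_header) == blocked


def classify(headers):
    """Map each header to (suffix_match, exact_match) for comparison."""
    return {h: (blocked_suffix(h), blocked_exact(h)) for h in headers}


# Constructed sample From headers, not taken from real traffic.
SAMPLES = [
    "Boss <boss@someorg.somedomain.somecountry>",
    "root@somehost.someorg.somedomain.somecountry",
    "user@SOMEORG.somedomain.somecountry.",
    "user@notsomeorg.somedomain.somecountry",
    "not-an-address",
]

if __name__ == "__main__":
    for header, (suffix, exact) in classify(SAMPLES).items():
        print(f"{header!r}: suffix_match={suffix} exact_match={exact}")
```

Only the second sample differs between the two modes: a host under the blocked domain is rejected by the suffix match and accepted by the exact match.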



This archive was generated by hypermail 2.0b3 on Tue Nov 23 1999 - 08:48:16 CST