2 Replies Latest reply: Apr 8, 2013 6:49 AM by JimKlimov RSS

    How to stop fake email

    831622
      Hi Oracle,
      I have an domain on mail server example: abc.com with user u1@abc.com
      Another guy out side internet can use fake email u1@abc.com send mail to u1@abc.com

      How do I stop it ?

      Thanks!

      bash-3.00# ./imsimta version
      Oracle Communications Messaging Exchange Server 7u4-18.01 64bit (built Jul 15 2010)
      libimta.so 7u4-18.01 64bit (built 13:19:32, Jul 15 2010)
      Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
        • 1. Re: How to stop fake email
          Kellyc-Oracle
          Take a look at these pages:

          Handling Forged Email by Using the Sender Policy Framework
          https://wikis.oracle.com/display/CommSuite/Handling+Forged+Email+by+Using+the+Sender+Policy+Framework

          How Do I Prevent Email Forgery By Using DKIM?
          https://wikis.oracle.com/pages/viewpage.action?pageId=15466677

          Oracle Communications Messaging Server Best Practices for Fighting Email Spam
          https://wikis.oracle.com/display/CommSuite/Messaging+Server+Best+Practices+for+Fighting+Email+Spam
          • 2. Re: How to stop fake email
            JimKlimov
            You could also look into requiring SMTP AUTH for mails originating from your user accounts, at least from untrusted source hosts (perhaps based on examples about "mappings" and "imta.cnf" config files and examples on INTERNAL_IP, optional similar FRIENDLY_IP, and their order around RBL, metermaid and other simple-antispam features in the file, and requiring channel-switching) - this way fake emails from outside your network won't be able to originate so easily. Of course, whenever you request passwords (web, smtp, imap) - use SSL or STARTTLS to protect user logins and passes from sniffing on their way through the internet.