This content has been marked as final. Show 2 replies
Take a look at these pages:
Handling Forged Email by Using the Sender Policy Framework
How Do I Prevent Email Forgery By Using DKIM?
Oracle Communications Messaging Server Best Practices for Fighting Email Spam
You could also look into requiring SMTP AUTH for mails originating from your user accounts, at least from untrusted source hosts (perhaps based on examples about "mappings" and "imta.cnf" config files and examples on INTERNAL_IP, optional similar FRIENDLY_IP, and their order around RBL, metermaid and other simple-antispam features in the file, and requiring channel-switching) - this way fake emails from outside your network won't be able to originate so easily. Of course, whenever you request passwords (web, smtp, imap) - use SSL or STARTTLS to protect user logins and passes from sniffing on their way through the internet.