General discussion


Spoofed e-mails

By sstark ·
I am getting replies from people saying that someone in our orginazation has sent them a virus. I suspect they are spoofing the "Who" or "Reply to" field, but I want to know if there is anything on my end that I can do to prevent this?


This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Email viruses have their own SMPT engine

by stress junkie In reply to Spoofed e-mails

Some email viruses use their own embedded SMTP delivery code.

I believe that your best response is to get some corporate anti virus software that will run on your mail server. I believe that Sophos makes a good one.

Collapse -

Spoofs are hard to stop

by djbrown62 In reply to Spoofed e-mails

Check the computers in your organization with a virus scanner to be sure they don't have a virus.

If you're correct and the address is being spoofed, the virus scanner won't help you. The mail is coming from someone outside your organization who has both the spoofed sender and the recipient in their address book. If that's the case, it's outside your organization and your control.

One option to reduce the receipt of spoofed mail is a spam-filter. The better ones use a bayesian filter to analyze the mail. As you show it what you feel is good or bad mail, it learns how to tell the difference for itself and blocks the bad mail.

Collapse -

RE: Spoofed e-mails

by TheSulz In reply to Spoofed e-mails

Digital Signatures are the only way to go if your in a company.

Collapse -

RE: Spoofed e-mails

by gshollingsworth In reply to Spoofed e-mails

When I receive an e-mail from an automated virus-scan telling me I sent an infected e-mail, I investigate.

First, I read the notice. If it identifies the virus, I look it up. I make note if it spoofs addresses. If a copy of the e-mail is included, I examine the headers to see for myself if the address is spoofed. I then update virus signatures and perform a scan. My computers have yet to be infected, but I double-check.

Once I determine the address has been spoofed, I send an e-mail to the site that notified me. I ask them to please reconfigure their auto-notify to not send messeges to spoofed addresses.

Collapse -

My fix

by adeal In reply to Spoofed e-mails

Have them check the IP address in the header. If it's yours, it's easy to solve. If it's from somewhere else, find out where. They may not be aware of the problem.

The people getting the spoof e-mails can do something to stop it too, if they have access to the mail server (assumming). Any decent spam filter (Logsat makes a great product) has a reverse DNS lookup feature that takes care of this. (If you're not who you say you are, it disconnects you.) What is likely happenning is that someone who has e-mail addresses of your organization in their contact list has been infected, and it's sending out the spoof e-mails, probably to more places than yours. I've seen it happen before.

Hope that helps.

Back to IT Employment Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums