| How is spoofed email getting past SPF? | sjmp | 5/2/12 9:31 AM | SPF is enabled - how does an email get through from Accoun...@verizonwireless.com <wAccoun...@verizonwireless.com> w/ being sent from 180.94.157.12 - w/ hyperlinks to view/pay bill going back to http://easycompvha.com.br/oLd0wBqV/index.html How does |
| Re: How is spoofed email getting past SPF? | sjmp | 5/2/12 9:49 AM | Below is header - can you please explain how I received this email? I was not on the To list - either in the email or in the header. But it was successfully delivered to me. Received: from http://psmtp.com (74.125.149.50) by http://MAIL.gr.com (192.168.2.34) |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 5/2/12 9:50 AM | Have to ask, since no header was provided. Did the email actually go through Postini? Did you run the header through the Postini header tool? |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 5/2/12 11:46 AM | Did you enter this header into the Postini header analyzer? The user settings are not listed, most likely due to being sent BCC and SPF only works for registered users. I'll assume the catch-22 is, that Postini needs to see the user to apply the SPF |
| Re: How is spoofed email getting past SPF? | sjmp | 5/2/12 12:03 PM | But it was delivered to everyone in the TO and CC as well. All of them were delivered. |
| Re: How is spoofed email getting past SPF? | sjmp | 5/2/12 12:10 PM | the header tool does not tell me anything that is useful in correcting the problem. I need Postini to recognize that verizonwireless and the sending ip are not the same. That should be pretty basic spam filtering. SPF is enabled so how does this crap |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 5/2/12 1:47 PM | You asked why did you get the message, that's what I answered. What are the settings for SPF that you have set? I agree that all email should be subject to the SPF filtering rules and not just registered users. In checking the MX for http://gr.com, there a |
| Re: How is spoofed email getting past SPF? | sjmp | 5/3/12 7:44 AM | Are you serious frank. I am not posting our domain name on a public forum. Just answer the questions. Registered users got the emails.SPF is set for Reject/Fail. Disable/Soft This email is a Fail - should of been rejected. At least quarantined. It w |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 5/3/12 8:35 AM | Why the messages were delivered when SPF was set to hard fail, is a question you may need to ask support. Support will need the headers of messages that did not meet the SPF filter settings. SPF filtering will only apply to registered users and by al |
| Re: How is spoofed email getting past SPF? | sjmp | 5/3/12 12:06 PM | All 6 registered users received it. How do I contact support? Again - I will not be able to post headers on public domainThanks, |
| Re: How is spoofed email getting past SPF? | sjmp | 5/3/12 1:52 PM | Received: from http://psmtp.com (74.125.149.116) by http://mail.mydomain.com (192.168.2.34) with Microsoft SMTP Server id 14.1.355.2; Thu, 3 May 2012 15:57:32 -0400 Received-SPF: none (http://google.com: abma...@adicon.net does not designate permitted sender hosts) cl |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 5/4/12 3:45 PM | By chance, is http://linksys.com an approved sender in the Org level approved senders? |
| Re: How is spoofed email getting past SPF? | jconner | 7/2/12 2:08 PM | I have had the same issue, I would make sure that your email enabled groups are covered by Postini as an alias. Also I would make sure Postini is configured to reject email to all unknown users, it will help reduce the amount of these that go throug |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 7/2/12 3:14 PM | Don't forget spooling is delayed by at least a minimum 15 mins, unless you manually spool. The only messages that are spooled are deliverable messages. Quarantine messages are not spooled and sent directly to quarantine. During spooling, messages a |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 6:30 AM | sjmp, I feel your pain. I regularly get emails that should be caught by SPF. Here is an example: Microsoft Mail Internet Headers Version 2.0Received: from http://psmtp.com ([10.0.6.1]) by http://mail.mydomain.com with Microsoft SMTPSVC(5.0.2195.7381); Tue, 22 Jan |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 1/22/13 7:32 AM | That is because http://palmerteam.com does not publish an SPF TXT record and RFC 4408 guidelines say to treat these domains as NONE. Neither Google or Postini allow for any routing for this disposition and Postini only provides dispositions for "SoftFail" a |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 7:36 AM | I see that in the message header but why is http://palmerteam.com tested for SPF when the listed from address is: wmt-n...@google.com. Shouldn't the http://google.com MX SPF records be tested for the sending IP of this email? |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 1/22/13 8:16 AM | I assumed this was a redacted NDR from Google notifications. Is this the actual header from the message you received from Postini? |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 8:41 AM | <This message has been deleted.> |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 8:42 AM | <This message has been deleted.> |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 8:43 AM | This header information is from one of the messages I have received today. Thus far, I've received 5 of them with this text: Thank you for taking the time to contact us. Within two weeks we should be able to provide you with a decision in regard to y |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 1/22/13 9:08 AM | I'm still not clear where this is coming from. Post the complete header, redacted as needed to show the sender, return path, subject, etc, including the Postini x-pstn headers. |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 9:25 AM | Here is the header info from one of the emails: |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 1/22/13 9:52 AM | Looks like a spoofed http://google.com address. I would forward this to support and temporarily delete http://google.com address an approved sender. Add the http://google.com domain, as an inbound-sender-specific domain entry in your RPF settings. |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 10:26 AM | I removed the Approved Sender address a little while ago, unfortunately, they're still getting through. I've been sending them to sp...@postini.com. |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 1:18 PM | |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 1/22/13 3:13 PM | |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/22/13 7:15 PM | |
| Re: How is spoofed email getting past SPF? | FrankM TC/Reseller | 1/22/13 11:03 PM | |
| Re: How is spoofed email getting past SPF? | Gerald Cox | 1/23/13 11:55 PM |