Rob
Thu Nov 11 19:44:52 CST 2004
At the moment, you cannot stop spoofing on all mail servers throughout
the Internet. However, there is a push right now to get administrators
to support SPF (Sender Policy Framework). In a nutshell, here is how
SPF works:

The owner of a domain adds a specially formatted TXT record to his DNS
server. This text record lists what servers are allowed to send mail
for the given domain. Now, when a mail server receives email, the one
thing it knows for certain is the IP address of the server sending the
mail. So, when a server receives an email claiming to be from
jowblow@yourdomain.com, the mail server checks the SPF TXT record for
yourdomain.com. Is the IP address of the sending server listed as a
server that can send mail for yourdomain.com? If not, then it can be
considered a spoof.

So you ask, "What's the problem? How come everyone doesn't use SPF?"
The problem is that it is new and hasn't been embraced by everyone yet.
Not everyone has created SPF records for their domains. Most email
server software doesn't support SPF out of the box. Even if it did, you
wouldn't want to reject every email from a domain without an SPF record
because not everyone knows about SPF and most people haven't taken the
time to set up an SPF record for their domain.

But as time goes on, SPF will reach critical mass. Users will find
their email being rejected more times than not if their domain does not
have an SPF record. When that time comes, everybody will start getting
with the program.

For more information, check out the following:

spf.pobox.com
http://www.microsoft.com/mscorp/twc/privacy/spam/senderid/default.mspx

Microsoft has something called Sender ID. I think it used to be called
Email Caller ID. It adds something to SPF but I'm not sure how it
works. I suppose I should read my own link!

In article <1B17EFCF-6A64-45A1-8075-BED64E883A0F@microsoft.com>,
joe@discussions.microsoft.com says...
> Is there a way to prevent email spoofing? My user complains that people are
> calling her and asking why she sent certain messages. She confirmed with me
> that she never sent those messages. I think this is a case of email spoofing,
> right? I confirmed that her machine does not have a virus. I spoke with
> Trendmicro and Symantec and they say there is no way to avoid email spoofing. Are
> they correct? Is there anything I can do?