Monday, 16 March 2015

Stop Spoofing - How?


Looking at the subject you might think that there is a way to stop spoofing, But let me tell you this, Technically there is no way to stop getting spoofed,

But but.. You can prevent this..

The best things for not getting spoofed is to show that you are the domain authority, If you do so, then you don't have to worry as all servers are smart enough to identify the mails as spam if your domain gets spoofed, But nothing is default. I am listing few things you need to ensure to avoid being spoofed.
  1. Ensure your domain has Proper SPF Record.
  2. Make sure every relay IP's are being added to SPF Record.
  3. Office365 SPF Looks v=spf1 ~all
  4. In-case you are migrating from some other server, Make sure you have no entries present in Legacy server. 
  5. Every client you use, Outlook, Mobile App needs to be updated with all latest patches.
  6. Regular virus clean up is mandatory on client installed systems.
  7. Avoid sharing official email address, for such third party blogs etc.
  8.  Great news is now Microsoft Office365 Supports DKIM & DMARC

I am also explaining how these steps would prevent being spammed & advantages.

Every servers will do reverse lookup to see if the matches with actual sending IP, If not it increases SCL Value & respective spam action(Quarantine, Junk, Reject) be taken by remote servers.

So if you have SPF Published for your domain with DNS Servers, the chances of prevent spoof is high.

If your domain is completely hosted with Office365 & you receive spoof/phishing  mails to your domain users, there is a workaround that you can simply create a transport rule to block/quarantine/delete mails comes from from Outside Organization, Simple logic there is no way you gonna get the mails from external with

Don't miss out to look at the Best Practices to Configure EOP

Please feel free to post for any questions or comments.

Kingson Jebaraj

No comments:

Post a Comment

Blog Archive