Because of the way SMTP works, anyone anywhere can specify any email address as their From address, as long as they have a mail server that allows them to do so. The From address may be completely false or even nonexistent.
Note: There is no way to prevent other people from using your email address. There are no services that can completely prevent spammers from using your email address since they are using a different mail server. Smarsh Hosted Services has no control over it. However, you may want to protect your account using the following methods:
In general, there are two situations that can make you aware that your email address was spoofed:
- You receive bounce back emails or replies to messages you didn't send:
There is no way to prevent the bounce back messages from coming to you. If a message gets returned to the sender, it goes to the actual holder of the From address, regardless of who sent it. Similarly, when someone replies to a message, it always goes to the reply-to address.
- You receive messages with your email address in the From field (or in both To and From fields):
Make sure that your domain and/or email address is not whitelisted, including in Outlook/OWA.
- Remove your domain from:
- Email Security Safe Senders List.
- Email Protection Safe Senders List.
- Personal Safe Senders List.
Note: Users can access their personal Safe Senders List by clicking the Manage quarantine email or Manage safe/blocked lists buttons from any of the Quarantine reports.
Note: Some spammers specify your address as both the From and To addresses, so you will receive the message in any case (even if it bounces).
Read the Wikipedia® article on Backscatter (e-mail) for more information about backscattering.
In such a situation, it is recommended to create an SPF record for your domain. SPF helps mail servers distinguish forgeries from real mail by letting a domain owner specify the IP addresses/servers from which mail for that domain can be sent. That way, if any other machine tries to send mail from that domain, the recipient mail server knows that the From address is forged.
A failed SPF validation adds to the spam score of the spoofed email, which increases the chances that the email will be delivered to Junk.
Note: SPF is designed to check the domain listed in the Envelope-from address, rather than the From address. Spoofers exploit this by using a domain without SPF records as the Envelope-from and using the recipient domain in the From address.
Read the Knowledge Base article on What is an SPF record? What do I need to do about it? for more information.
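The gap described in the note above (SPF evaluates the Envelope-from domain, not the From header) can be checked on a received message by comparing the two domains. The following is an added example, not code from Smarsh or from the original article. It assumes `example.com` is the account's domain, that the receiving server records the Envelope-from in `Return-Path` and its SPF verdict in `Authentication-Results`, and it uses constructed sample messages.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}  # assumption: domains hosted on the account

def domain_of(header_value):
    """Domain part of an address header; '' for a missing or null address."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def spf_result(msg):
    """spf= verdict from Authentication-Results, or 'none' if absent.
    Only trust this header when your own receiving server added it."""
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";"):
            part = part.strip()
            if part.lower().startswith("spf="):
                return part[4:].split()[0].lower()
    return "none"

def classify(raw):
    msg = message_from_string(raw)
    header_dom = domain_of(msg.get("From"))
    envelope_dom = domain_of(msg.get("Return-Path"))
    if header_dom not in OWN_DOMAINS:
        return "not-our-domain"
    if envelope_dom != header_dom:
        # SPF was evaluated against a different domain than the one displayed
        return "header-from-spoof"
    spf = spf_result(msg)
    return "aligned" if spf == "pass" else "spf-" + spf

def sample(envelope, spf, header_from):
    """Constructed test message (not real traffic)."""
    return (f"Return-Path: <{envelope}>\n"
            f"Authentication-Results: mx.example.com; spf={spf} "
            f"smtp.mailfrom={envelope}\n"
            f"From: {header_from}\nTo: alice@example.com\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    cases = [
        ("bounce@no-spf.test", "none", '"Alice" <alice@example.com>'),
        ("alice@example.com", "pass", "alice@example.com"),
        ("alice@example.com", "fail", "alice@example.com"),
    ]
    for envelope, spf, header_from in cases:
        print(envelope, spf, "->", classify(sample(envelope, spf, header_from)))
```

The first case is the one SPF alone does not catch: the Envelope-from domain has no SPF record, so there is no failure to score, yet the From header shows the account's own domain.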
With Email Security, you have the following options to block messages with a forged From address, which might in fact be your own email address or some nonexistent email address at your domain.
- If you have only Exchange mailboxes on the account, you may want to add your own domain to the Blocked Senders list. This action won't affect internal mail flow, since mail delivery between internal users isn't filtered.
- If you have Exchange mailboxes and also have SMTP applications (e.g. printer, web form, etc.) sending mail to the users on the account, you can still add your own domain to the Blocked Senders list, but make sure you add the From email address or IP address of the application to Safe Senders.
- If some of the users on the account have POP/IMAP mailboxes, blocking your own domain won't be the best option, because you will need to add all existing mailboxes to the Safe Senders list. This technique has a drawback: spoofed emails which appear to come from an existing email address on the account won't be blocked, because those email addresses will be on the Safe Senders list. So this option is useful only if you receive spoofed mail from a nonexistent email address at your domain.
With Email Protection, you have the following options to stop Header From spoofing:
- If you have only Exchange mailboxes on the account, add your own domain to the Blocked Senders list.
- Add any external senders that should legitimately be able to send as the domain to the Safe Senders lists. This will override the domain-wide Blocked Senders list. If the external senders are SMTP applications (e.g. printer, web form, etc.), it is advised to add the sending IP address to the Safe Senders list.
With Email Protection Full and Email Protection + DLP, you have the option to enable the anti-phishing check "Emails from domains that match your domain". This check can be used to help detect and protect against phishing, spear-phishing and spoofing attacks.
Refer to the article Email Protection: Managing Anti-Phishing And Anti-Spoofing Policies for additional information.