0
Welcome Guest! Login
0 items Join Now

Fighting Email Spoofing

Last Post
Search Topic
    • Aurora's Avatar
    • Aurora
    • Elite Rocketeer
    • Posts: 903
    • Thanks: 0

    Fighting Email Spoofing

    Posted 15 years 10 months ago
    • NOTE: i hope you guys are taking this into consideration. expecially if your on a shared hosting environment. i had to switched from my shared host company bluehost. to a more dedicated server/secure. one of my biggest issues was this below because i forgot to setup joomla to use php instead of smtp people can login at any time through my website smtp port and hack it. and heres something for you guys.

      Fighting Email Spoofing

      If someone seems to be using the address of your domain to send out spam, then the method he has employed is called email spoofing. Email spoofing is the practice of changing your name in email so that it looks like the email came from somewhere or someone else. However, you need not be concerned because;

      The spammer is not using our server to send out spam, hence your email address will never be blacklisted. A telnet to the SMTP port of your domain shows, that our server's are secure and do not authorize the use of this system to transport unsolicited and/or bulk e-mail.

      This is a very common occurrence which most people are aware of. Very often mail addresses like This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it. etc are used to send out spam, so it really doesn't matter whether you have given out your email id to anyone. One can use any email address via email spoofing.

      Email spoofing is possible because SMTP (Simple Mail Transfer Protocol) lacks authentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.

      You can create clearly defined/unique aliases, and use only those aliases. Then set the catch-all to trash anything else. This narrows the possibility of your email box being flooded by returns, while the spammer is finished using that domain. The best option at this moment is to add a spam filter. Also, do not publish your email addresses in public areas like forums, in the actual format which would help you from spammers reading out your email addresses. Publish the email addresses only in anti spam formats similar to user[at]domain[dot]com etc.
    #344317

  • Re: Fighting Email Spoofing

    Posted 15 years 10 months ago
    • Thanks for the info. :)
    #344344

Time to create page: 0.118 seconds