How to handle the “fake mail”

Tags:
Vendors
Dear All, As we know, we always receive virus-infected mail that appears to come from some "known" person. But, in fact, it is just coming from someone's computer that has been infected, for example by Netsky. Our management is very concerned about how to handle / prevent this kind of mail, because it confuses the recipients. Is there any product to do that? Your help would be very much appreciated! Jeff

Answer Wiki


There is no real obvious answer to decide whether an email from a trusted source is safe or not just from the address. The typical process being used by most businesses/people is to have their email server or an external source check every email for any one of the many problems.

Two examples are needed to describe the situation as it depends on your email system. First there are many quality products out there that will work with your email server to check each incoming and outgoing email for any possible issues. Second there are services on the Internet like Postini (no connection on my part) that you give permission to have your email re-directed through their servers and they check the email for the same issues.

There are many proponents to both approaches. It really just depends on your individual situation.

Discuss This Question: 4  Replies

  • ArrghOff2Pillage
    If you find a solution, let us know! (That is if you are not too busy counting the money you earn from it ;-)) Running AV on the server is a good first step (taking care to verify that the update interval is correct. Norton by default sets theirs to one WEEK! They should know better). Cover it with workstation scanning. This should quarantine all but the newest variants. Post mortem, you can usually verify the originating server by looking at the header info. In Outlook, highlight the message and RIGHT click it, choose options. The header info appears in the bottom part of the resultant dialog. Note that some virus writers have been using the machine name as part of the sending domain. This is sometimes handy in isolating the machine. Usually you can ID the provider from the IP using one of the whois agents on the web (ARIN for the US, RIPE for most of Europe), then notify the ISP. Include supporting log data for your claim. Don't expect a response, but if all would report back to the ISPs, perhaps we could be enough of a headache to make them do something, like limit SMTP traffic only to registered servers. On firewalls I set up, that is exactly what happens. Several large ISPs here in the States have moved in that direction.
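The header check described in the reply above, as an added example that is not part of the original post: it walks the `Received` lines from the top and trusts only the hops stamped by your own servers, since anything below the first outside hop can be forged by the sender. The server names, the internal network range and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumptions: the names of our own mail servers and our internal address range.
TRUSTED_MTAS = {"mx.ourcompany.example", "mailstore.ourcompany.example"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed message; external addresses are from documentation ranges.
SAMPLE = """\
Received: from mx.ourcompany.example ([10.0.0.5])
\tby mailstore.ourcompany.example with ESMTP id C3; Mon, 1 Mar 2004 10:00:03 +0000
Received: from jsmith-pc.isp.example (dsl-77.isp.example [198.51.100.77])
\tby mx.ourcompany.example with SMTP id A1; Mon, 1 Mar 2004 10:00:02 +0000
Received: from mail.ourcompany.example ([203.0.113.5])
\tby relay.invalid with SMTP id Z9; Mon, 1 Mar 2004 09:00:00 +0000
From: "Known Person" <known.person@ourcompany.example>
To: jeff@ourcompany.example
Subject: Re: document

See attachment.
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def origin_of(raw_message, trusted=TRUSTED_MTAS, internal=INTERNAL_NETS):
    """Return the first external hop recorded by one of our own servers."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Received", []):        # newest hop first
        m = HOP.search(" ".join(value.split()))      # unfold continuation lines
        if not m:
            continue
        helo, rdns, ip, by = m.groups()
        if by.rstrip(";").lower() not in trusted:
            break    # written outside our servers: could be forged, stop here
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in internal):
            continue  # hop between our own servers, keep walking down
        helo = helo.lower()
        return {"ip": ip, "helo": helo, "rdns": rdns, "from_domain": from_domain,
                "helo_in_from_domain": helo == from_domain
                                       or helo.endswith("." + from_domain)}
    return None

if __name__ == "__main__":
    print(origin_of(SAMPLE))
```

The returned IP is the one to look up at ARIN or RIPE and to quote, with the matching server log lines, when notifying the ISP.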
  • Joshua2
    Most anti-spam products can help combat this. The problem is that tightening up these types of rules can quickly increase false positives. I try to educate users on 'spoofing' (although I'm having very mixed results). I'm going to try showing them how to read headers...but I don't have high expectations. If the message has a high-risk attachment it is immediately deleted - that removes most mail-borne threats. The system also removes active content from messages. To completely eliminate this problem, I'd guess that you'd have to implement a *very* strict ruleset that filters these messages. You'd then have a lot of false positives, so you'd need a big whitelist. Some anti-spam products allow the users to create their own lists, so that might work for you.
  • Seventeenli
    Most important is when a vendor has received a virus-infected mail from "our user", which is surely from a fake address. Then they inform our user, and our user also receives the virus notification, which is too confusing / troublesome for them. Our management wants to trace the original source and also do some prevention in this respect.
  • Mpkn3rd
    Some of us were trying to tell you that at this time, doing what you ask is not possible. The ability to spoof From addresses is too easy and there is no trail of ownership that you can follow. There is work underway to combat this, but nothing that is available to consumers.