bobjohnbob at gmail.com
Thu Aug 16 16:54:19 MDT 2012
On Thu, Aug 16, 2012 at 4:09 PM, Merrill Oveson <moveson at gmail.com> wrote:
> Pretend we are xyz company. So my email is moveson at xyz.com. xyz
> email is hosted thru gmail.
> Some of our users got an email from support at xyz.com.
> Now our support team never send the email. It's obvious spam.
> The question is: If we flag the email as spam, are you flagging
> support at xyz.com as spam,
> or is gmail smart enough to know to flag the sent from ip address?
This is called email spoofing. If wanted to, I could send you an
email as bill at microsoft.com and it would come through fine. If they
flag it as spam, then, in most spam systems, it will affect legitimate
emails from the same email address.
The most common defense I've seen people try to use for this is SPF
records. You can specify SPF information in your DNS TXT records that
specify which servers are allowed to send out mail from your domain.
Unfortunately, people don't always send email out through your SMTP
server. When they are away from the office, they may want to send
mail from their home connection and their ISP may require them to send
out mail via their SMTP server and block ports otherwise (this is very
common among the big ISPs). This means that legitimate mail will be
flagged due to SPF records. I see very few large companies using
solid SPF records on their domain for this reason. Most are just set
to flag, but not deny mail from other servers.
The other issue is that many mail servers do not even check SPF
records and aren't required to, although I think most do.
> It drives me crazy that gmail doesn't show the full headers.
Even if you showed full headers, it would be very difficult to know
who the mail actually came from and if it was legitamate if you don't
know how to read email headers and see what servers we can confirm
they went to (gmails servers only know which server handed them the
mail, any other relays could be faked in the headers).
More info on email spoofing:
and Sender Policy Framework:
More information about the PLUG