|Situation|Your domain or email messages are being spoofed through forged domains or other credentials. Your account domain is being spoofed in either the from header or the envelope sender.|
|Solution|Activate Inbound Domain Spoofing Protection on the Essentials console.|
Inbound domain spoofing protection
What is domain spoofing?
Domain spoofing is a common type of phishing scam where an attacker uses a company’s domain to impersonate the business or its employees.
What does the inbound domain spoofing rule do?
This rule is designed to quarantine external inbound messages that appear to come from your organization. It only works if your internal e-mail from your domain is delivered locally. If you receive e-mail from an external source that uses your domain name, those messages will be quarantined.
How to enable
- Navigate to Company Settings > Spam.
- Enable Inbound domain spoofing protection.
Messages in the quarantine should now appear with a new category: Domain Spoofing.
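The check described above can be sketched as follows. This is an added example, not Proofpoint's implementation: the domain `example.com`, the function names and the sample messages are assumptions constructed for illustration. The third sample shows why the rule only suits organizations that deliver internal mail locally: an outside service that legitimately sends as your domain is quarantined as well.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organization's own domain(s); example.com is a placeholder.
PROTECTED_DOMAINS = {"example.com"}

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def spoofed_fields(envelope_from, raw_message, protected=PROTECTED_DOMAINS):
    """For a message received from an EXTERNAL host, list which sender
    fields claim a protected domain: the envelope sender (SMTP MAIL FROM)
    and/or the From header."""
    msg = message_from_string(raw_message)
    hits = []
    if domain_of(envelope_from) in protected:
        hits.append("envelope sender")
    if domain_of(msg.get("From")) in protected:
        hits.append("From header")
    return hits

def disposition(envelope_from, raw_message):
    """Quarantine under the 'Domain Spoofing' category if any field matches."""
    hits = spoofed_fields(envelope_from, raw_message)
    return "quarantine: Domain Spoofing" if hits else "deliver"

# Constructed samples: (label, envelope sender, raw message), all external inbound.
SAMPLES = [
    ("forged From header", "bounce@mailer.invalid",
     "From: CEO <ceo@example.com>\nTo: staff@example.com\nSubject: Invoice\n\nhi"),
    ("forged envelope sender", "ceo@example.com",
     "From: Billing <billing@partner.test>\nTo: staff@example.com\nSubject: Invoice\n\nhi"),
    ("hosted service sending as your domain", "scanner@example.com",
     "From: Scanner <scanner@example.com>\nTo: staff@example.com\nSubject: Scan\n\nhi"),
    ("ordinary external mail", "alice@partner.test",
     "From: Alice <alice@partner.test>\nTo: staff@example.com\nSubject: Hello\n\nhi"),
]

if __name__ == "__main__":
    for label, env_from, raw in SAMPLES:
        print(f"{label:40} {spoofed_fields(env_from, raw)} -> {disposition(env_from, raw)}")
```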
What Is Email Spoofing?
Email spoofing is the creation of email messages with a forged sender address (such as your own email address). It is easy to do because the core protocols do not have any mechanism for authentication. It can be accomplished from within a LAN (Local Area Network) or from an external environment.
Why Do People Spoof My Company's Email Addresses And Others?
Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.
Here are some external articles about spoofing:
How Do I Help Prevent People Spoofing Me Or My Domain?
Adding SPF (Sender Policy Framework) records to your existing DNS information increases the chances that any spoofed email will be detected. It is an added security measure, as all incoming emails will have the sender information validated. Please note that adding an SPF record is not 100% foolproof.
Below are the SPF records; please use the one relevant to your platform.
- US1, 2, 3 and 4
v=spf1 a:dispatch-us.ppe-hosted.com ~all
v=spf1 a:dispatch-eu.ppe-hosted.com ~all
Please note: Proofpoint Essentials does not block an email outright on the basis of the SPF entry, because a large number of domains have an incorrect SPF record. It only increases the overall spam score.
A soft fail (~all) increases the spam score moderately (which may not quarantine a message, depending on the spam threshold you have specified), whereas a hard fail (-all) increases the score aggressively and quarantines the message if triggered.
Encountering any issues with spoofing? Check out these articles about some common issues:
- Messages from known services are quarantined, such as Printer, Application Service, and more
- Quarantining suspected spoof and allowing safe messages