Russ, that's why, I believe, cfmail has username/password implemented. You can pass in your authentication information and you're good to go. We have a dummy email address set up that is used for authentication only. It has a "generic" password but is still a secure one (meaning it doesn't match or relate to our company; just some random letters/digits).
I'm not saying this is the #1 solution or the final but def something someone should implement. You have done with your SMTP box. You constrained relays to your web farm only which is what "or similar" meant. We have relays set to only valid email addresses but we could loosen up and say "from our domain" or other. Bottom line, you have relay constraints and that is good. It isn't a win-for-all but it def helps, agreed? :-)

On 7/2/06, Snake <[EMAIL PROTECTED]> wrote:
>
> Unfortunately that causes other problems.
>
> Customer has mydomain.com with several other domains aliased to it, not to mention email aliases.
> Enforcing that only the login mailbox name can be used as the from address, which causes more complaints from customers who want to use their aliases.
> This is also not a good solution for sending mail from web sites.
> If you force customers to send mail from their web site through their own mailbox, then you are putting a huge amount of extra load on your client pop/smtp server and slows mail down, especially when they do huge mail shots.
> We have a dedicated SMTP server which is used ONLY by the web servers for relaying mail. It allows only our web servers to relay through it and is thus open to them.
> Often when customers send email from web sites they send from an address such as INFO or SALES which is usually a MRA/List/forwarder, so the "SENDER must match the authenticated mailbox name" won't work here either.
>
> Of course this would only stop your customers doing naughty things anyway, it doesn't stop anyone else doing it to you or your email address. And invariably the spammers and phishers will have their own mail server anyway, so can do whatever they want.
> All you need is an ADSL line and an SMTP server.
>
> Snake
>
> -----Original Message-----
> From: John C. Bland II [mailto:[EMAIL PROTECTED]
> Sent: 02 July 2006 07:35
> To: CF-Talk
> Subject: Re: How do "Phishermen" send an email from a legitimate domain?
>
> The easy way is to enforce no relays or similar. We require authentication so you can't send an email from a bum address and you can't send without a password (even from web sites) OR being on our server during send. SPF is a great thing to have as well but you should enforce as much security as possible.
>
> On 7/1/06, Snake <[EMAIL PROTECTED]> wrote:
> >
> > You could employ SPF on your domain, so any ISP that enforces SPF checking will then make sure that emails from your domain came from allowed IP address. So any mail sent by spammers and phishers will not get through.
> >
> > Snake
> >
> > -----Original Message-----
> > From: Rick Faircloth [mailto:[EMAIL PROTECTED]
> > Sent: 01 July 2006 17:34
> > To: CF-Talk
> > Subject: RE: How do "Phishermen" send an email from a legitimate domain?
> >
> > So, I guess, in the end, there is no way to prevent email from being sent from my own domain...
> >
> > -----Original Message-----
> > From: Snake [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, July 01, 2006 12:13 PM
> > To: CF-Talk
> > Subject: RE: How do "Phishermen" send an email from a legitimate domain?
> >
> > Open Outlook, go to tools -> email accounts. Select one of your email accounts to edit.
> > Change the from address to [EMAIL PROTECTED]
> >
> > Or create a CFM page to send an email.
> > Set the from address as "[EMAIL PROTECTED]"
> >
> > There you go.
> >
> > The from address you send an email from can be anything you like, this has nothing to do with the mail server, which only validates the account you are logging into to send the email.
> >
> > Snake
> >
> > -----Original Message-----
> > From: Rick Faircloth [mailto:[EMAIL PROTECTED]
> > Sent: 01 July 2006 16:18
> > To: CF-Talk
> > Subject: OT: How do "Phishermen" send an email from a legitimate domain?
> >
> > Good morning, all.
> >
> > I, like many others, get phishing emails frequently, and can catch the spoof simply by looking at the hyperlinks of addresses, such as [EMAIL PROTECTED], which go to [EMAIL PROTECTED], but my question is:
> >
> > How can a phishing email be sent from [EMAIL PROTECTED] ? How can the PayPal.com domain be used if their email servers are set up correctly?
> >
> > I ask because I get phishing email sent to me using my own domain frequently, but I assume I haven't got everything set up perfectly, nor do I know how. It's not too bad to live with at this point. I just wonder how they can do that with PayPal's domain, as well.
> >
> > Rick

