On Thu, Aug 16, 2012 at 4:09 PM, Merrill Oveson <[email protected]> wrote:
> Pluggers:
>
> Pretend we are xyz company. So my email is [email protected]. xyz
> email is hosted thru gmail.
>
> Some of our users got an email from [email protected].
> Now our support team never sent the email. It's obvious spam.
>
> The question is: If we flag the email as spam, are you flagging
> [email protected] as spam,
> or is gmail smart enough to know to flag the sent from ip address?

This is called email spoofing. If I wanted to, I could send you an email as [email protected] and it would come through fine. If they flag it as spam, then, in most spam systems, it will affect legitimate emails from the same email address.

The most common defense I've seen people try to use for this is SPF records. You can specify SPF information in your DNS TXT records that specify which servers are allowed to send out mail from your domain. Unfortunately, people don't always send email out through your SMTP server. When they are away from the office, they may want to send mail from their home connection and their ISP may require them to send out mail via their SMTP server and block ports otherwise (this is very common among the big ISPs). This means that legitimate mail will be flagged due to SPF records. I see very few large companies using solid SPF records on their domain for this reason. Most are just set to flag, but not deny mail from other servers.

The other issue is that many mail servers do not even check SPF records and aren't required to, although I think most do.

> It drives me crazy that gmail doesn't show the full headers.

Even if you showed full headers, it would be very difficult to know who the mail actually came from and if it was legitimate if you don't know how to read email headers and see what servers we can confirm they went to (Gmail's servers only know which server handed them the mail; any other relays could be faked in the headers).

More info on email spoofing:
http://en.wikipedia.org/wiki/E-mail_spoofing
and Sender Policy Framework:
http://en.wikipedia.org/wiki/Sender_Policy_Framework

-John Shaver

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
