Sender from address verification

dawie_strauss

• September 06, 2022 07:04

I've just noticed something thatalarms me. If I have the email username and password for say user A@mydomain, I can use sendmail for example to send from user B@mydomain, as long as user B exist. Is there any way to prevent this? Otherwise one compromised user account means is is possible to spoof mail from the whole domain.

• 

  mtindor

  • September 06, 2022 14:34

  Regardless of whether a users' email account is compromised, one can still easily spoof email from a domain. That's what SPF / DKIM / DMARC are for. But, if a user's email account is compromised, it's even more easy to spoof mail for any users in that domain -- since the emails will pass all SPF / DKIM / DMARC checks. It's just a nature of the beast. The From: address has always been easily forged.

  0
• 

  dawie_strauss

  • September 06, 2022 15:00

  Regardless of whether a users' email account is compromised, one can still easily spoof email from a domain. That's what SPF / DKIM / DMARC are for. But, if a user's email account is compromised, it's even more easy to spoof mail for any users in that domain -- since the emails will pass all SPF / DKIM / DMARC checks. It's just a nature of the beast. The From: address has always been easily forged.

  
  Thank you. I'm obviously not an email expert. But since I know we use SPF / DKIM / DMARC I was wondering if the from field can be checked against the authentication details, but I can't find any info on this. So looks like thats the way it is.

  0

Please sign in to leave a comment.