Incoming SPAM is tackled at the gateway correct? Do your users have individual control over their Blacklists or do you manage that globally? If they manage their own, why not have them blacklist their own address? I know their may be exceptions, but are there any legitimate reasons why incoming mail traversing your gateway should appear to be coming from your domain?
- Sean On Tue, Feb 17, 2009 at 9:34 AM, Thomas Gonzalez < tgonza...@girlscouts-swtx.org> wrote: > That's exactly what I'm battling right now Joe…if you look at the header > you will see the actual sender / originator. I couldn't give you a correct > way how to tackle this issue. But this backscatter has become a pain in the > you know what. > > > > *From:* Joe Heaton [mailto:jhea...@etp.ca.gov] > *Sent:* Tuesday, February 17, 2009 12:30 PM > *To:* MS-Exchange Admin Issues > *Subject:* Incoming spoofed e-mail issue > > > > I'm getting users who are getting lots of mail in their inbox every morning > that looks like it is coming from themselves. Looking at the headers, I see > various actual senders, many coming from domains ending in .ru, or .pl, > etc. Is there a way of blocking e-mails from these foreign domains? None > of my users have legitimate business with anyone in Russia, or Poland, or > any other foreign country. I tried setting this up under Sender Filtering, > by putting the following in, for example: *...@*.pl > > > > Is there a different way of putting this in? I notice that the > instructions for Sender Filtering says to block messages "claiming" to be > from the following:, but these messages are actually "claiming" to be from > the user, not what is actually in the header. Is there a different way of > filtering these messages? There's nothing in the subject line that is > keying the IMF, or my Symantec Mail Security for Microsoft Exchange. > > > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > jhea...@etp.ca.gov > > > > > > > > This email and any attached files are confidential and intended solely for > the intended recipient(s). If you are not the named recipient you should not > read, distribute, copy or alter this email. Any views or opinions expressed > in this email are those of the author and do not represent those of the Girl > Scouts of Southwest Texas. Warning: Although precautions have been taken to > make sure no viruses are present in this email, Girl Scouts of Southwest > Texas cannot accept responsibility for any loss or damage that arise from > the use of this email or attachments. > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
