The Anti-Spoofing section under the Security menu contains tools to help you identify messages sent from forged, or "spoofed", addresses. There are six anti-spoofing features listed under this section:
Reverse Lookups - Using these lookup options, you can check whether the sender's domain actually exists and whether the sending server's IP address is associated with that domain.
Sender Policy Framework (SPF) - SPF is an open standard used to identify forged sender addresses in email messages. Specifically, it protects the domain found in the SMTP envelope sender address, or return path. It does this by checking the domain's DNS record for an SPF policy to find out exactly which mail hosts are permitted to send messages on the domain's behalf. If the domain has an SPF policy and the sending host is not listed in that policy, then you know that the address is forged.
DKIM Verification - This feature is used to verify DomainKeys Identified Mail (DKIM) signatures in incoming messages. When an incoming message has been cryptographically signed, SecurityGateway will retrieve the public key from the DNS record of the domain taken from the signature and then use that key to test the message’s DKIM signature to determine its validity. If the DKIM signature passes the verification test, the message will continue on to the next step in the regular delivery process and can optionally have its Message Score adjusted. DKIM verification helps to ensure not only that a message is coming from the purported sender, but that it hasn't been modified between the time it was signed and when it was delivered to you.
DKIM Signing - The signing options are used to control whether or not your domains' outgoing messages are cryptographically signed using DomainKeys Identified Mail (DKIM). You can also create the selectors and keys used for signing the domain's messages, and designate which selector to use.
DMARC - There are three screens for configuring SecurityGateway's DMARC verification and reporting features: DMARC Verification, DMARC Reporting, and DMARC Settings.
Callback Verification - This is an anti-spoofing measure used to confirm the validity of the email address of an incoming message's purported sender. To do this, SecurityGateway will connect to the mail exchanger of the domain passed in the "MAIL From" statement during the SMTP session and attempt to verify whether or not that sender's address is a valid address at that domain. If the result of the check shows that the sender's address does not exist, then SecurityGateway can treat the message as if it is being sent from a forged address and therefore refuse the message, quarantine it, or accept it and optionally adjust its Message Score and add a tag to the Subject.
From Header Screening - This page contains options to help expose fraudulent (spoofed) "From:" headers in messages sent by spammers, which could potentially trick users into believing a message was sent from a legitimate source.
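
The SPF check described above can be sketched as follows. This is an added example, not SecurityGateway's code: the domains and TXT records in `ZONE` are constructed stand-ins for DNS, and the evaluator covers only the `ip4`, `ip6`, `include` and `all` mechanisms, raising an error on any other term.

```python
import ipaddress

# Constructed DNS TXT data standing in for real lookups (illustrative domains).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mailhost.example -all",
    "mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, zone=ZONE, _lookups=None):
    """Evaluate the SPF policy of the envelope sender `domain` for a connecting `ip`."""
    lookups = _lookups if _lookups is not None else [0]
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass on match).
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > 10:            # RFC 7208 limit on DNS-querying terms
                return "permerror"
            inner = check_spf(ip, value, zone, lookups)
            if inner in ("none", "permerror"):
                return "permerror"         # include target has no usable policy
            matched = inner == "pass"      # only a pass from the target counts
        else:
            raise NotImplementedError(f"term not covered in this example: {term}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"                       # policy exists but nothing matched

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.10", "203.0.113.7"):
        print(ip, check_spf(ip, "example.com"))
```

Note that the `~all` inside the included policy does not leak out: a softfail from an `include` target simply counts as no match, and the outer `-all` decides the result.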