On 2/11/2013 4:39 PM, Sean Lazar wrote:
Jay, you need to have SPF records for your domain. This will prevent the spoofing you are seeing.
yep, while the purpose and effectiveness of SPF records are generally VERY overrated... yet for a situation like this, an SPF record is VERY valuable and it would be advised that you set this to a rather strict record for a period of time. (just try to account for all the various 3rd party sending scenarios your users do, like sending from a blackberry server, or e-mail forwarding, for any other situation where a legit 3rd party IP would be legitimately sending mail with a "from" address using your domain, etc.) Then again, if this is "spear phishing" or very personalized harassment, then the value of an SPF record would be somewhat uncharted territory (at least for me)... it would be interesting to see if that improves things. But, at the least, it would likely help some. -- Rob McEwen http://dnsbl.invaluement.com/ rob@invaluement.com +1 (478) 475-9032