The Anti-Spoofing filter checks emails received with a sender email address claiming to originate from your own domain against a list of IP addresses known by MailEssentials. If the sender IP address is not on the list of own-domain server IP addresses, the email is blocked as the sender information is forged.
GFI MailEssentials can be configured to effectively block Spoofing emails as follows:
- Open your GFI MailEssentials Configuration.
- Expand the Anti-Spam node.
- Navigate to the Filter Priority node.
- Ensure that the Sender Policy Framework module has a higher priority than the Whitelist module.
- Ensure that the email address from which you are receiving the spoofed emails from is not listed within the Whitelist as MIME From: You can confirm this by performing the following:
- Open the GFI MailEssentials Configuration
- Expand the Anti-Spam node
- Click on Whitelist
- Check if the email address is listed from the Whitelist tab. If the email address is defined as MIME From, select it and click the Remove button to remove the entry.
- Adding your local domain to the blacklist is intended when internal emails are not passing through GFI MailEssentials. In a normal email setup, internal emails will not be passing through GFI MailEssentials.
- You should not add your local domain to the blacklist if GFI MailEssentials is installed on the same machine as Microsoft Exchange server and local users are using an SMTP client (e.g. Outlook Express) to send their emails to internal recipients.
Emails originating from forged senders should be correctly filtered and appropriate actions taken as per the configuration.
- How to determine why the Anti Spoofing spam filter blocked or allowed a message
- How to determine why the Sender Policy Framework spam filter blocked or allowed a message
- GFI MailEssentials - Best Practices for Spam filters