ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Blocking Spoofed Inbound Email - Office365

    Scheduled Pinned Locked Moved IT Discussion
    24 Posts 6 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @JaredBusch
      last edited by

      @JaredBusch said in Blocking Spoofed Inbound Email - Office365:

      @DustinB3403 said in Blocking Spoofed Inbound Email - Office365:

      .....

      ..........
      ........
      ......
      ....
      ..
      .

      We have no SPF records setup on our domain at all...

      It is technically a TXT record. Make sure you look in the right place.

      It once was TXT, then it was it's own record and now it's back to being a TXT again.

      JaredBuschJ 1 Reply Last reply Reply Quote 1
      • DustinB3403D
        DustinB3403
        last edited by DustinB3403

        OK I found our records,

        We have 4 in place at moment, the top one being what it should.

        The other three are just weird.

        @None 7200 correct spf address from what we can find.
        @None 7200 google-site-verification=9832459823-45=- (some crap)
        @None 3600 928640235(some crap)
        @None 3600 21489789274563(some crap)

        We're checking with the MSP, see if they set these other 3 up for some reason, or if they know what they are.

        JaredBuschJ 1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @DustinB3403
          last edited by

          @DustinB3403 said in Blocking Spoofed Inbound Email - Office365:

          OK I found our records,

          We have 4 in place at moment, the top one being what it should.

          The other three are just weird.

          @None 7200 google-site-verification=9832459823-45=- (some crap)
          @None 3600 928640235(some crap)
          @None 3600 21489789274563(some crap)

          We're checking with the MSP, see if they set these other 3 up for some reason, or if they know what they are.

          Those are not for SPF usage. Those are usually added for domain verificaiton purposes for services.

          1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @Dashrender
            last edited by

            @Dashrender said in Blocking Spoofed Inbound Email - Office365:

            @JaredBusch said in Blocking Spoofed Inbound Email - Office365:

            @DustinB3403 said in Blocking Spoofed Inbound Email - Office365:

            .....

            ..........
            ........
            ......
            ....
            ..
            .

            We have no SPF records setup on our domain at all...

            It is technically a TXT record. Make sure you look in the right place.

            It once was TXT, then it was it's own record and now it's back to being a TXT again.

            It was never anything but a TXT record officially. The native SPF record was proposed but never ratified into a standard.

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403
              last edited by

              So you think the other 3 records are for something, but lord knows what?

              And the one correct record that we have verified should be doing what it needs?

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @DustinB3403
                last edited by

                @DustinB3403 said in Blocking Spoofed Inbound Email - Office365:

                So you think the other 3 records are for something, but lord knows what?

                And the one correct record that we have verified should be doing what it needs?

                That first one is obviously for google to verify the site. Likely because your website setup google analytics.

                Others are similar.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  Any reason not to post the real DNS record? It's completely public on the interwebs.

                  1 Reply Last reply Reply Quote 0
                  • DustinB3403D
                    DustinB3403
                    last edited by

                    @Dashrender because I don't actually have them when I said "I" I meant my boss was able to locate them, he paraphrased the records to me.

                    1 Reply Last reply Reply Quote 0
                    • bbigfordB
                      bbigford
                      last edited by

                      I went way more basic...

                      0_1465855337147_domain.png

                      I found out immediately that a sales site (hosted externally) uses a spoofed email address to work. That stopped working and I just put in an explicit rule for that outside source.

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • momurdaM
                        momurda
                        last edited by

                        https://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx

                        If one of those txt records doesnt say
                        v=spf1 include:spf.protection.outlook.com -all
                        It isnt correct for o365.
                        Yours may have some other include:external static ip address of mail server if you have local servers that send email out(spiceworks, backup appliance, etc)

                        1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @bbigford
                          last edited by JaredBusch

                          @BBigford said in Blocking Spoofed Inbound Email - Office365:

                          I went way more basic...

                          I found out immediately that a sales site (hosted externally) uses a spoofed email address to work. That stopped working and I just put in an explicit rule for that outside source.

                          That will stop internal users form seeing spoofed email, but that has nothing to do with the ability for spoofed email to be sent in your name though.

                          1 Reply Last reply Reply Quote 0
                          • coliverC
                            coliver
                            last edited by

                            You could also easily do an nslookup to confirm these records. Just make sure you set the type to txt, on Windows at least.

                            1 Reply Last reply Reply Quote 0
                            • 1
                            • 2
                            • 2 / 2
                            • First post
                              Last post