Blocking Spoofed Inbound Email - Office365
-
So we're having a bit of an on-going issues, where a spoofed email is able to get past the Office 365 spam filter rather easily.
This has been going on for some time, and it needs to come to an end, but I'm at a loss of what to do short of putting in an additional spam filter (barracuda).
Anyone any any additional ideas on how I can stop this?
-
A correct SPF should stop this. What yours look like?
-
I honestly don't know where to look for this on the 365 portal.
Give me a bit to see what I can find.
-
SPF is defined in your DNS system. Generally you set it up as one of the steps to using Office 365 as an email server.
-
.....
..........
........
......
....
..
.We have no SPF records setup on our domain at all...
-
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
.....
..........
........
......
....
..
.We have no SPF records setup on our domain at all...
It is technically a TXT record. Make sure you look in the right place.
-
Here is mine on CloudFlare. The obfuscated part is the IP of my colo where I have some minor things that send email directly sometimes.
-
@JaredBusch said in Blocking Spoofed Inbound Email - Office365:
Here is mine on CloudFlare. The obfuscated part is the IP of my colo where I have some minor things that send email directly sometimes.
Thanks.
To confirm this is solely setup on our website host for the TXT / SPF records. Not within the office365 admin portal. Correct?
-
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
@JaredBusch said in Blocking Spoofed Inbound Email - Office365:
Here is mine on CloudFlare. The obfuscated part is the IP of my colo where I have some minor things that send email directly sometimes.
Thanks.
To confirm this is solely setup on our website host for the TXT / SPF records. Not within the office365 admin portal. Correct?
So goddaddy.com or networksolutions.com, correct?
-
This post is deleted! -
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
@JaredBusch said in Blocking Spoofed Inbound Email - Office365:
Here is mine on CloudFlare. The obfuscated part is the IP of my colo where I have some minor things that send email directly sometimes.
Thanks.
To confirm this is solely setup on our website host for the TXT / SPF records. Not within the office365 admin portal. Correct?
So goddaddy.com or networksolutions.com, correct?
No. It has nothing to do with the webhost. It is a DNS record.
It will only be your webhost if that is also your DNS provider.
-
Yes whoever is providing your dns to the outside world, youll neeed to make a txt record that has v=spf1 include:spf.protection.outlook.com -all
or something like that. -
@JaredBusch said in Blocking Spoofed Inbound Email - Office365:
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
.....
..........
........
......
....
..
.We have no SPF records setup on our domain at all...
It is technically a TXT record. Make sure you look in the right place.
It once was TXT, then it was it's own record and now it's back to being a TXT again.
-
OK I found our records,
We have 4 in place at moment, the top one being what it should.
The other three are just weird.
@None 7200 correct spf address from what we can find.
@None 7200 google-site-verification=9832459823-45=- (some crap)
@None 3600 928640235(some crap)
@None 3600 21489789274563(some crap)We're checking with the MSP, see if they set these other 3 up for some reason, or if they know what they are.
-
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
OK I found our records,
We have 4 in place at moment, the top one being what it should.
The other three are just weird.
@None 7200 google-site-verification=9832459823-45=- (some crap)
@None 3600 928640235(some crap)
@None 3600 21489789274563(some crap)We're checking with the MSP, see if they set these other 3 up for some reason, or if they know what they are.
Those are not for SPF usage. Those are usually added for domain verificaiton purposes for services.
-
@Dashrender said in Blocking Spoofed Inbound Email - Office365:
@JaredBusch said in Blocking Spoofed Inbound Email - Office365:
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
.....
..........
........
......
....
..
.We have no SPF records setup on our domain at all...
It is technically a TXT record. Make sure you look in the right place.
It once was TXT, then it was it's own record and now it's back to being a TXT again.
It was never anything but a TXT record officially. The native SPF record was proposed but never ratified into a standard.
-
So you think the other 3 records are for something, but lord knows what?
And the one correct record that we have verified should be doing what it needs?
-
@DustinB3403 said in Blocking Spoofed Inbound Email - Office365:
So you think the other 3 records are for something, but lord knows what?
And the one correct record that we have verified should be doing what it needs?
That first one is obviously for google to verify the site. Likely because your website setup google analytics.
Others are similar.
-
Any reason not to post the real DNS record? It's completely public on the interwebs.
-
@Dashrender because I don't actually have them when I said "I" I meant my boss was able to locate them, he paraphrased the records to me.
