GFI Software Aurea SMB Solutions


Home » GFI User Forums » GFI MailEssentials » MIME From Spoofing
MIME From Spoofing [message #145774] Tue, 14 May 2019 09:30 Go to next message
Paul Brause is currently offline  Paul Brause
Messages: 5
Registered: April 2019
Location: Germany
The feature "MIME From Sppofing" has been released in the GFI feedback website:
feedback.gfi.com/forums/267749-gfi-mailessentials/suggestion s/10292490-antispoofing-does-not-work-when-spoofing-mime-add

But will the new feature be available in the comming version 21.5 or a later version?
When do you plan to release the version 21.4?

Kind regards
Paul Brause
Re: MIME From Spoofing [message #145872 is a reply to message #145774] Tue, 28 May 2019 14:54 Go to previous messageGo to next message
Paul Brause is currently offline  Paul Brause
Messages: 5
Registered: April 2019
Location: Germany
@Ian Bugeja
Why do you change the text in the feedback.gfi.com answer from "Please upgrade to the latest version and install all Patches." to "Please upgrade to the latest version v21.5 and install all Patches", but do not answer in this forum?

By the way:
Why have all old GFI forum post been deleted lately?
Overall, this forum is not very well maintained by GFI
Re: MIME From Spoofing [message #145876 is a reply to message #145872] Tue, 28 May 2019 22:48 Go to previous messageGo to next message
ian.bugeja is currently offline  ian.bugeja
Messages: 234
Registered: March 2017
Location: Malta
Hi Paul

no that feature is only available in 21.5. I suggest to upgrade your install.

The forum was replaced with a different platform and the older posts were deleted.

Regards
Ian


Ian Bugeja
GFI Software
Re: MIME From Spoofing [message #145948 is a reply to message #145876] Thu, 13 June 2019 13:40 Go to previous messageGo to next message
Paul Brause is currently offline  Paul Brause
Messages: 5
Registered: April 2019
Location: Germany
Finally I could test your new feature.

The feature you've implemented is not that what was requested in the feedback topic back in 2015.
You've released the "helpful option" to compare MIME FROM and SMTP FROM form in the comments in 2018.
Better than nothing but not as helpfull as a MIME FROM SPF check.
This new feature generates a lot of false positives!

A lot of senders, mostly newsletters but not only, use different Emailaddresses in SMTP FROM and MIME FROM.
When enabeling the new feature a simple compare between these addresses is made.
A lot better would be an option to check the SMTP FROM address against the SPF record of the MIME FROM address.

Example:
Senders Mailserver: mx.xyz.com
SMTP FROM: mail<_at_>spamserver.com
MIME FROM: "Someone youkown" <mail<_at_>KownCompanyName.com>
SFP Check: SPF Record of "xyz.com" not available
-> currently the mail will not be blocked

Additional SPF Check: SPF Record of KownCompanyName.com does not permit "mx.xyz.com" as vaild mail sender
-> The mail would be blocked!
Re: MIME From Spoofing [message #145949 is a reply to message #145876] Thu, 13 June 2019 13:42 Go to previous message
Paul Brause is currently offline  Paul Brause
Messages: 5
Registered: April 2019
Location: Germany
Finally I could test your new feature.

The feature you've implemented is not that what was requested in the feedback topic back in 2015.
You've released the "helpful option" to compare MIME FROM and SMTP FROM form in the comments in 2018.
Better than nothing but not as helpfull as a MIME FROM SPF check.
This new feature generates a lot of false positives!

A lot of senders, mostly newsletters but not only, use different Emailaddresses in SMTP FROM and MIME FROM.
When enabeling the new feature a simple compare between these addresses is made.
A lot better would be an option to check the SMTP FROM address against the SPF record of the MIME FROM address.

Example:
Senders Mailserver: mx.xyz.com
SMTP FROM: mail<_at_>spamserver.com
MIME FROM: "Someone youkown" <mail<_at_>KownCompanyName.com>
SFP Check: SPF Record of "xyz.com" not available
-> currently the mail will not be blocked

Additional SPF Check: SPF Record of KownCompanyName.com does not permit "mx.xyz.com" as vaild mail sender
-> The mail would be blocked!
Previous Topic: SMTP mode, how to delete multiple users
Next Topic: disclaimer text dose not appear in internal messages
Goto Forum:
  


Current Time: Tue Jul 16 02:37:18 CEST 2019

Total time taken to generate the page: 0.03169 seconds