Several techniques can be used to spoof a message, including:
Unfortunately, there are no hard and fast rules for guaranteeing the authenticity of a message and the best that can be done is to estimate the probability that a message has been spoofed. Apart from some obvious examples, it is almost impossible to determine if a message has been spoofed or if it is legitimate. For example:
MAILsweeper for SMTP can provide protection from spoofing by:
MAILsweeper searches each message and generates a spoof probability, depending on indications of possible spoofing methods that it finds. If the spoof probability equals or exceeds a specified threshold value, the message is marked as being `possibly spoofed' and a warning is appended to the message when it is delivered to the intended recipients. The wording of the warning can be modified if desired.
You can set the spoof threshold value to suit your own requirements. For example, if you are particularly concerned about mail spoofing you may wish to set the threshold to be relatively low. If you are not so concerned you may choose to set it to a higher value. See the next page for details on how to set the spoof threshold.
![]() |
As it is impossible to positively identify spoofed messages, MAILsweeper does not block messages that appear to be spoofed. The message is delivered as normal, but with a suitable warning appended. |
The PossibleSpoof
attribute is then checked during message disposal.1 If it has the value TRUE
then a warning is appended to the message body, suggesting that
the message may be spoofed and that its authenticity should be
verified.
This warning message is appended using the automated editing facility.
[Clean]Edit=AppendIfSpoof
Edit=AppendOutwardDisclaimer Deliver=[AppendIfSpoof] PerformIf=PossibleSpoof==TRUE AppendToBody=C:\MSW\Config\POSSPOOF.TXT
You can modify the wording of the warning message, if desired, by changing the contents of the file C:\MSW\Config\POSSPOOF.TXT.
The default contents are as follows:
Information in the headers for this message suggest that it may be spoofed and that its authenticity should be verified.
![]() |
See page 7-34 for more details on how the automated editing facility is configured. |
[SMTP]2
ContainerClass=Container
...
SpoofThreshold=10
;Timezone=+0000
By default this value
is 10
, but can be changed if desired. If you are
particularly concerned about spoofing, set the threshold value
lower. If you are less concerned, set it higher.
![]() |
The maximum
spoof probability that can be generated is 25 ,
so there is no advantage in setting the threshold higher
than this as it will effectively disable the facility. |
To disable the
anti-spoof facility ensure that the Edit
disposal
action is commented out in the [Clean]
configuration
section. This section is found in the mail configuration file, MIMESWP.CFG
.
[Clean]
Edit=AppendIfSpoof
Edit=AppendOutwardDisclaimer
Deliver=
[Clean]
;Edit=AppendIfSpoof
Edit=AppendOutwardDisclaimer
Deliver=
1 Assuming the message uses the Clean
disposal route.
2 See page 7-51 for more
details on the [SMTP]
section.
Copyright © 1998, Content Technologies Limited. All rights reserved.