Email Protection Administrator Guide
156
Proprietary: Not for use or disclosure outside McAfee without written permission.
November 2012
Question: I’m receiving spam email from my own email address and I
know I didn’t send it. What’s happening and how do I stop it?
Answer:
A spammer has “spoofed” your email address. Spoofing means that the “From:”
address in emails has been falsified to be an address other than the real source of the
emails. The intent is to trick the recipient into opening the email because it appears to be
from a trusted source. In your case, they made the mistake of using your own email
address as the spoofed address and you realized that you had not sent the email. Spoofing
is illegal according to the CAN-SPAM Act of 2003; however, it is still a common tactic
used by spammers.
You can do any of the following in Email Protection to block these types of emails.
•
Confirm that your own email address is not in an Allow list.
It is possible that the spoofed email would be caught by normal spam filtering;
however, if your email address is in an Allow list, spam filtering will be disabled. If
necessary, remove your email address from any Allow lists to make sure spam
filtering is performed.
•
Add your own email address to your user-level Deny list
This policy will automatically deny any emails received from your email address. It
will apply to all emails received from the Internet into Email Protection that are
filtered and then sent to you. It will affect only emails sent to your address.
•
Add your own email address or entire Domain name to your policy set Sender Deny
list
This policy will do the same as above, but will apply all user accounts subscribed to that
policy set. If the Domain name is used, then all emails from that Domain will be filtered.
Note:
Using a Deny list as a filtering tactic in this situation will succeed only if your
corporate email is
not
sent into the Internet cloud before delivery to other addresses in
your Domain name. The assumption is that your corporate email is delivered within your
internal network without filtering by Email Protection.
If your organization does deliver your corporate email using a delivery method that
includes sending it into the Internet, it is possible that valid corporate emails will be
filtered if you make the above policy changes.
System Configuration
Question: I just redirected my MX Record. How can I make sure that my
email is coming through Email Protection?
Answer:
Once the MX Record has been redirected and the entities (Reseller, Customer,
Domain, and user accounts) have been configured, emails can be sent from a sender
outside of the system to a user provisioned on the Domain. To see if the email was
received in your system from Email Protection, monitor email processing flow in the
Overview
window.
You should be aware that email servers do not always accept changes immediately after
the redirection of the MX Record. This means that some email servers may still send email
directly to your inbound servers and not to the redirected MX Record for the first 2-3 days
after the redirection.