How can we improve?

Antispoofing does not work when spoofing MIME address

We have received several very hard to spot spoofed addresses that get through the Antispoofing filter but show up in Outlook as a local account because the MIME information is using the internal domain. Antispoofing should be looking at not just the SMTP headers but also any MIME information and have the ability to block/mark/etc any emails with a spoofed domain in the MIME From information.

19 votes
Sign in
Signed in as (Sign out)

We’ll send you updates on this idea

Steve Krems shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
Reviewed  ·  AdminIan Bugeja (VP, Product Management, GFI) responded  · 

Is SPF enabled for the domains in question? SPF is a better way to ensuring that only valid servers are sending out emails since it is a common format and a large number of domains support it and have SPF records created.

8 comments

Sign in
Signed in as (Sign out)
Submitting...
  • Sascha Huck commented  ·   ·  Flag as inappropriate

    Very helpful would be an option to compare MIME FROM and SMTP FROM, similar to the option you already have with MIME TO/SMTP TO in the Header checking section.

  • Steve Hodges commented  ·   ·  Flag as inappropriate

    GFI Is a premier software package.... Not having this feature is a serious downgrade and disadvantage to this email solution. If it is true that this lack of feature has been know since 2015 - it really is hard to understand why it has not been implemented or already. Come on GFI design and management team... Do something about this and fix it. With the way things are now, this feature really should be a baseline program feature. Don't let your customers and your software suffer... remember - we as customers use your software because it works and works well and has the futures we need... HOWEVER... when it no longer provides the protection we need... we will look and go elsewhere...

  • Frank Vilece commented  ·   ·  Flag as inappropriate

    This is a very important and basic feature and should be acted upon immediately. I can't believe this feature has not been implemented. It was pointed out in 2015! Why in the world would GFI only concern itself with return path when the user will see the MIME FROM? We have clients failing Spoof testing and being advised by security consultants to rectify this ASAP, and so far GFI has not been able to solve this the way it should!

  • Simon Atkin commented  ·   ·  Flag as inappropriate

    Also note previous "workarounds" involving white and blacklisting internal domains are not acceptable, both because that functionality has been removed by GFI anyway for local domains, and even if it hadn't, there are no exceptions based on e.g. SPF or antispoofing authorized IPs.

Feedback and Knowledge Base