Have your users ever complained about spam which they apparently received from themselves? Spammers have a tendency to forge the sender address so they can bypass filtering – they either spoof a legitimate (trustworthy) sender address, or they simply insert the recipient address in the From: field to confuse their target. The latter is a phenomenon we call self-spam (for obvious reasons). There are several methods to address this problem:
Solution 1: Comparing addresses
The first method is comparing the sender and recipient addresses and, if they match, blacklisting the email: it is unlikely a user will ever send an email to himself/herself which is relayed through an external server. To perform this comparison, Vamsoft provides a so-called “External Agent”. External Agents can be used to extend the core functionality of ORF to address specific campaigns, among other things. To download the agent, click here. Setup instructions can be found in the readme.txt file shipped with the Agent.
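The comparison described above, sketched in Python as an added illustration (this is not Vamsoft's External Agent or any ORF code). The function names, the internal network list and the sample message are assumptions constructed for the example.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: networks treated as internal relays (constructed values).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Constructed sample: From header forged to match the recipient.
SAMPLE_HEADERS = (
    'From: "Alice" <Alice@Example.com>\n'
    "To: alice@example.com\n"
    "Subject: Invoice\n\n"
)

def normalize(addr):
    """Strip display name and angle brackets, compare case-insensitively."""
    return parseaddr(addr)[1].strip().lower()

def is_external(relay_ip):
    """True when the connecting host is outside every internal network."""
    ip = ipaddress.ip_address(relay_ip)
    return not any(ip in net for net in INTERNAL_NETS)

def is_self_spam(envelope_from, header_text, recipients, relay_ip):
    """True when an externally relayed message claims its own recipient as sender."""
    if not is_external(relay_ip):
        return False  # internal mail may legitimately be self-addressed
    msg = message_from_string(header_text)
    senders = {normalize(envelope_from)}
    senders.update(a.strip().lower() for _, a in getaddresses(msg.get_all("From", [])))
    senders.discard("")  # null sender (<>) or unparsable From must never match
    return any(normalize(r) in senders for r in recipients)

if __name__ == "__main__":
    print(is_self_spam("bounce@sender.invalid", SAMPLE_HEADERS,
                       ["alice@example.com"], "203.0.113.7"))
```

Both the envelope sender and the From: header are checked because a forged message can carry the recipient's address in either one.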
Solution 2: Sender Policy Framework record
The second method is publishing a Sender Policy Framework (SPF) record. The SPF policy allows you to tell others which hosts are allowed to send emails from your domain. If a spammer tries to spoof your domain, the recipient can check your policy online, and if the sender host is not authorized to send emails from your domain, reject the email. As your own server can also check this policy, you can effectively use it to stop self-spam emails. To learn more about SPF, visit this website.
Solution 3: Blacklist yourself
The third method is blacklisting your own domain name: since ORF ignores internal and outgoing emails, this will not block legitimate emails, only spoofed ones.
To learn more about these solutions, possible caveats when implementing them, and other types of self-spam campaigns, read this article.