Helping people with computers... one answer at a time.

Stopping someone from sending from your domain name can only be done if they are using your server to send. Otherwise, they may be spoofing.

How do I stop Hotmail from sending third-party emails? An ex-employee set up his Hotmail account to send from his corporate email address. How can I prevent him from sending from that email address through his Hotmail account?

In this excerpt from Answercast #71, I look at ways a former employee could be sending email that looks like it is from the company domain.

Former employee's email

Well, to begin with, I'm not aware of Hotmail actually being able to truly send from an account that is not Hotmail. In other words, I believe you cannot configure Hotmail.com to send as say Ask-Leo.com.

Now, that being said, maybe someday they will. You can absolutely do that with Gmail. With Gmail, you can set it up to send mail as if it were from a different domain.

Spoofing the "From" field

Now, there are two very important different ways of doing this. One, in a case as you describe, you have control over - and one that you do not.

The first is when the email service does this independently of your email server.

In other words, you've got Foo.com, you own the mailer for Foo.com, you control all the mail for Foo.com, and yet your rogue employee has configured his Gmail account to send as if it were from Foo.com.

There's nothing really you can do about that. Ultimately, what that employee has done is "from" spoofing." It's the same "from spoofing" or very similar to the "from spoofing" that spammers use all the time.

It is very, very easy to fake the "from" address.

It may not be obvious in the headers, but in the headers, you can in fact find out that, "Oh yea, this wasn't really from so-and-so. It came from this other server in China," or wherever. But the point being, though, that to the naked eye, to the recipient of that message, it still looks like it came from Foo.com - even though it never touched a Foo.com server.

So that's the one you don't have control over. I really don't know a way of solving that. It would be very easy for me to configure a desktop email program to send all of my email as if it were coming from Foo.com even though I don't own Foo.com and I have nothing to do with Foo.com.

Sending through a server

The other scenario (and the reason I bring this scenario up is, I believe, this may be possible with Hotmail) is that you may be able to instruct Hotmail to send using your server.

In other words, when Hotmail goes to send a piece of mail, instead of sending it itself, it sends through your server. I know this is possible in Gmail. What it means is that email honest to goodness, really is coming from your server.

So, for example, I configure the mail program in Gmail (I'll use that since I know it works). You configure Gmail to send from Foo.com, through the Foo.com server. When the recipient gets it, it looks like that email came from Foo.com - because it did!

That one's easy to fix. Disable the account.

In other words, whomever this rogue employee is that's doing this - make sure that their account is incapable of sending email on your server. Make sure that the account is disabled.

One of the things you might want to do is make sure that the account can still receive email so that, perhaps, you can keep track of what this person is doing, in case people reply to him.

Manage your server

The important thing is you want to make sure that that employee cannot send email through your server. Through the Foo.com server.

That means: whoever is administering your email needs to know how to do that. They need to know how to turn off the ability to send for that email account. If they can't do that, without also disabling the ability to receive, you know that's probably worth it. Disable the account completely. Remove the account completely - whatever it takes to stop that employee from being able to send email through your server.

But like I said, the bottom line is that what we're really talking about here is "from spoofing" and Lord knows if the spammers can do it very trivially, so can your employees.

Article C6045 - November 19, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
bill
November 20, 2012 10:06 AM

You probably also want to send the former employee a registered letter explaining that you have found out they are sending out their email with your company's address and that they should end the practice.

If you parted ways on good terms, they will probably say oops and fix things.

If you parted on bad terms, you might want to have a lawyer discuss additional wording that this use would be considered fraud and that they are liable for any damages to you or your company due to this fraud.

Ken B
November 21, 2012 8:07 AM

Years ago, when people would tell me that it was "impossible" (or, at least, "almost impossible") to spoof the "from", I would demonstrate otherwise. A few minutes later, they would get an e-mail "from" the President of the United States, explaining that such spoofing was quite easy to do.

Many years ago at a certain large software company I'll admit to originating some internal mail that came "From: Santa.Claus@northpole.com". Smile
Leo
21-Nov-2012

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.