Helping people with computers... one answer at a time.
Stopping someone from sending from your domain name can only be done if they are using your server to send. Otherwise, they may be spoofing.
How do I stop Hotmail from sending third-party emails? An ex-employee set up his Hotmail account to send from his corporate email address. How can I prevent him from sending from that email address through his Hotmail account?
In this excerpt from Answercast #71, I look at ways a former employee could be sending email that looks like it is from the company domain.
Well, to begin with, I'm not aware of Hotmail actually being able to truly send from an account that is not Hotmail. In other words, I believe you cannot configure Hotmail.com to send as say Ask-Leo.com.
Now, that being said, maybe someday they will. You can absolutely do that with Gmail. With Gmail, you can set it up to send mail as if it were from a different domain.
Now, there are two very important different ways of doing this. One, in a case as you describe, you have control over - and one that you do not.
The first is when the email service does this independently of your email server.
In other words, you've got Foo.com, you own the mailer for Foo.com, you control all the mail for Foo.com, and yet your rogue employee has configured his Gmail account to send as if it were from Foo.com.
There's nothing really you can do about that. Ultimately, what that employee has done is "from" spoofing." It's the same "from spoofing" or very similar to the "from spoofing" that spammers use all the time.
It is very, very easy to fake the "from" address.
It may not be obvious in the headers, but in the headers, you can in fact find out that, "Oh yea, this wasn't really from so-and-so. It came from this other server in China," or wherever. But the point being, though, that to the naked eye, to the recipient of that message, it still looks like it came from Foo.com - even though it never touched a Foo.com server.
So that's the one you don't have control over. I really don't know a way of solving that. It would be very easy for me to configure a desktop email program to send all of my email as if it were coming from Foo.com even though I don't own Foo.com and I have nothing to do with Foo.com.
The other scenario (and the reason I bring this scenario up is, I believe, this may be possible with Hotmail) is that you may be able to instruct Hotmail to send using your server.
In other words, when Hotmail goes to send a piece of mail, instead of sending it itself, it sends through your server. I know this is possible in Gmail. What it means is that email honest to goodness, really is coming from your server.
So, for example, I configure the mail program in Gmail (I'll use that since I know it works). You configure Gmail to send from Foo.com, through the Foo.com server. When the recipient gets it, it looks like that email came from Foo.com - because it did!
That one's easy to fix. Disable the account.
In other words, whomever this rogue employee is that's doing this - make sure that their account is incapable of sending email on your server. Make sure that the account is disabled.
One of the things you might want to do is make sure that the account can still receive email so that, perhaps, you can keep track of what this person is doing, in case people reply to him.
The important thing is you want to make sure that that employee cannot send email through your server. Through the Foo.com server.
That means: whoever is administering your email needs to know how to do that. They need to know how to turn off the ability to send for that email account. If they can't do that, without also disabling the ability to receive, you know that's probably worth it. Disable the account completely. Remove the account completely - whatever it takes to stop that employee from being able to send email through your server.
But like I said, the bottom line is that what we're really talking about
here is "from spoofing" and Lord knows if the spammers can do it very
trivially, so can your employees.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.