Topic: prevent spoofing of emails
Our customers sometimes get spam sent to them from a third party server with the MAIL FROM being their own email id.
For example if mycustomer.com is our client's domain hosted on our server.
the spam email would be something like this sent from some other third party server.
the mail from : email@example.com
in the headers, the envelope sender would contain spk and dkim of these would be some domain which are all correctly configured and hence my system would not detected it as spam.
basically what i need is that any emailid/domain (*@mycustomer.com) should reject any email from any third party server where the MAIL FROM email id or domain is present on our server.
to check out how gmail handled such emails, i tried sending such an email to my gmail id
ie i configured an email id on one of my servers which authenticated using it userid and password but the "MAIL FROM" was kept as firstname.lastname@example.org.
so basically the email with the "MAIL FROM" as email@example.com was sent from my server to my gmail id firstname.lastname@example.org. This email was received by gmail but a clear warning was displayed stating the email may be spoofed.
Request your kind help in setting up such a header check to reject such emails or by some other means catch such spam.