How would this work: Email related

[Private Citizen]

How does this work usually?

Email address is [email protected]
Employee got an email from [email protected]
Reply to the email works however looking at the headers shows it's origins are not the company email server. The only issue is the domain doesn't even exist. Employee email is using the company mail server. Not sue what DNS settings are on the employee computer and etc.

How does the reply work?

 

[devman]

Is the Reply-To header being used?

 

[Private Citizen]

Unfortunately I don't have access to that info at the moment. I seen them briefly when a guy was telling me about the shenanigans. Thinking on it I don't think it was used.

 

[MrGoat]

I'm presuming the message received was a Spam or fishing type email? The reality is that there is no universal way of vetting the source server is authorized to send an email. So what spammers will do is spoof your domain to get around standard spam filtering techniques.

Quickest solution is to setup a proper SPF record in DNS to specify which servers are yours. Not everyone looks at SPF when receiving mail to determine weather the sender is legitimate or not, however a lot do and you can set your mail servers to look and automatically black hole these false emails.

 

[Lames.]

Always ran into that problem at my last job. SPF requirements are turned off by default. I recommend turning them on. It will be a fun time for a week or so but once everything is sorted out, you more than likely will not have the problem again.