我收到了一封供应商发来的电子邮件,该供应商遭到了黑客攻击。
客户域名是(header.from = dhavalgroup.com),但电子邮件是从(smtp.mailfrom = deltaexports.us)发送的。
如何防范这种虚假电子邮件?
Authentication-Results: spf = none (IP sender is 173,201,192,164)
smtp.mailfrom = deltaexports.us; mydomain.com.br; dkim = none (message not
signed) header.d = none; mydomain.com.br; DMARC = none action = none
header.from = dhavalgroup.com; mydomain.com.br; dkim = none (message not
signed) header.d = none;
Received-SPF: None (protection.outlook.com: deltaexports.us does not designate
permitted sender hosts)
Received: from p3plwbeout13-02.prod.phx3.secureserver.net (173,201,192,164) by
BN1BFFO11FD048.mail.protection.outlook.com (10.58.145.3) with Microsoft SMTP
Server (version = TLS1_2, cipher = TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.669.7
Frontend via Transport; Mon, 17 Oct 2016 08:56:30 +0000
Received: from localhost ([173,201,192,136])
by p3plwbeout13-02.prod.phx3.secureserver.net with bizsmtp
id wYwV1t0012x1vXx01YwVbq; Mon, 17 Oct 2016 01:56:29 -0700
谢谢。
答案1
为了优化保护,您需要 SPF、DKIM 和 DMARC。您的域名由 outlook.com 托管。已配置 spf 记录。
如何为您的域启用 DKIM。 http://o365info.com/how-to-enable-outbound-dkim-signing-for-your-domain-in-office-365-part-5-of-5/
有关 DMARC 的信息https://blogs.msdn.microsoft.com/tzink/2014/12/03/using-dmarc-in-office-365/