How Does a Mail Server Respond to Fake Email Addresses?
During a security assessment, I found that I could connect to the SMTP gateway using Telnet. I tried sending mail from a fake domain, but it was detected as a mail relay and stopped. When I sent messages to fake employees inside the organization's domain, however, the mails were accepted. Can this be termed as a mail relay vulnerability? Can this be exploited for purposes other than social engineering? Most importantly, what is the best possible resolution?
What you describe is actually a very common situation and is not a cause for alarm. You can Telnet to most mail servers on TCP port 25 and send messages to the organization that uses the particular server. But you should not be able to send email to other organizations. If you could, a spammer would find that mail server and use it to relay spam. So, what actions should the mail server take if the destination email address is fake?
Comments (1)
posted by daniel.toma, on 25 May 2008
Most servers perform a catch-all action for non-existent recipients and deliver the messages to the postmaster account or the server administrator's account.
Some of them send an NDR message stating that the recipient address does not exist.
Others respond with a permanent error condition stating that the recipient address does not exist during the SMTP communication phase.
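
The relay refusal described in the answer and the recipient handling listed in the comment can be told apart by the reply code the server gives to each `RCPT TO` command. The following is an added example, not part of the original page: it classifies a constructed session transcript. The `C:`/`S:` transcript format, the addresses and the label strings are assumptions, and every local recipient in the transcript is assumed to be an address known not to exist.

```python
import re

# Constructed transcript (C: client, S: server). example.org is the assumed
# local domain; all addresses are made up for illustration.
SAMPLE = """\
S: 220 mail.example.org ESMTP
C: EHLO probe.example.net
S: 250-mail.example.org
S: 250 PIPELINING
C: MAIL FROM:<audit@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@elsewhere.example>
S: 554 5.7.1 Relay access denied
C: RCPT TO:<no-such-user@example.org>
S: 250 2.1.5 Ok
"""

def rcpt_replies(transcript):
    """Return [(recipient, final reply code)] for each RCPT TO command."""
    results, pending = [], None
    for line in transcript.splitlines():
        m = re.match(r"C:\s*RCPT TO:\s*<([^>]*)>", line, re.I)
        if m:
            pending = m.group(1).lower()
        elif line.startswith("C:"):
            pending = None  # some other command; stop waiting for a reply
        elif pending is not None:
            # "250-text" continues a multi-line reply; "250 text" ends it.
            m = re.match(r"S:\s*(\d{3})(?: |$)", line)
            if m:
                results.append((pending, int(m.group(1))))
                pending = None
    return results

def classify(transcript, local_domain):
    """Label each RCPT TO outcome from the defender's point of view."""
    findings = []
    for rcpt, code in rcpt_replies(transcript):
        is_local = rcpt.rsplit("@", 1)[-1] == local_domain.lower()
        if not is_local:
            label = "open-relay" if 200 <= code < 300 else "relay-refused"
        elif 200 <= code < 300:
            # Accepted in-session: a catch-all mailbox or a later NDR.
            label = "accepted-catchall-or-ndr"
        elif code >= 500:
            label = "rejected-at-smtp"  # permanent error during SMTP
        else:
            label = "temporary-failure"
        findings.append((rcpt, label))
    return findings
```

A `250` for an unknown local recipient does not show which of the first two behaviours applies; that only becomes visible afterwards, as a delivery to the catch-all mailbox or an NDR sent to the envelope sender.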