Genuine Spoofing

DaNmAN 201 Reputation points
2021-04-30T10:07:15.84+00:00

Hi

On our customer facing site we have a contact form for users to fill in. This contact form is managed by Sendinblue.

When users complete this form an email is sent to a shared mailbox within our domain.

Sendinblue have spoofing in place so that when the email comes into our shared mailbox it appears to have come from the user that filled in this form (they add their email into the form).

EOP is correctly picking this up as spoofing and sends these emails to the junk folder in the shared mailbox.

We are considering creating a new anti-spam policy to resolve this, targeting only the shared mailbox and including an allow for @smtp-relay.sendinblue.com.

Doing this however would open this mailbox up to more junk.

Would this be the best way to approach a situation like this?


Accepted answer
  1. DaNmAN 201 Reputation points
    2021-04-30T11:20:22.627+00:00

    Important

    Never configure mail flow rules with only the sender domain as the condition to skip spam filtering. Doing so will significantly increase the likelihood that attackers can spoof the sending domain (or impersonate the full email address), skip all spam filtering, and skip sender authentication checks so the message will arrive in the recipient's Inbox.

    That also concerns me, from the URL you provided.


2 additional answers

  1. DaNmAN 201 Reputation points
    2021-04-30T11:17:52.873+00:00

    Thanks Andy and would that be more secure than creating a spam policy for that domain? Our security team want the most secure option :)


  2. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2021-04-30T11:22:46.773+00:00

    Yes, you can scope that rule to more than the sending domain. As in that example, you can see DMARC is checked and must pass as well. That makes it pretty secure and ensures that only servers authorized to send as that domain pass that rule :)

    [attached image: 92897-image.png]

    Otherwise, you can set the anti-spam policy for just that domain, but that is really less secure than the rule since the rule will have multiple checks.
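The scoped mail flow rule described in this answer, written out in Exchange Online PowerShell as an added example (not code from the thread or from Microsoft's docs): the rule bypasses spam filtering only when the sender domain matches, Authentication-Results records a DMARC pass, and the recipient is the shared mailbox. The domain, mailbox address and rule name are placeholders.

```powershell
# Added example: the scoped bypass rule discussed above, built with the
# ExchangeOnlineManagement module. Replace the placeholders with your own values.
Connect-ExchangeOnline

$senderDomain  = 'example.com'                      # placeholder: the authenticated sending domain
$sharedMailbox = 'contact-form@yourtenant.example'  # placeholder: shared mailbox that receives the form mail
$ruleName      = 'Bypass spam for authenticated form mail'

# Weak version (what the quoted "Important" note warns against): the sender
# domain is the only condition, so anyone who can spoof that domain skips
# filtering and sender authentication. Shown for contrast, not created.
#   New-TransportRule -Name 'Bypass spam (weak)' -SenderDomainIs $senderDomain -SetSCL -1

# Hardened version: every condition must hold before the SCL is set to -1
#   - sender domain matches
#   - Authentication-Results shows dmarc=pass, i.e. EOP verified that the
#     message came from a server the domain owner authorized via SPF/DKIM
#   - recipient is the shared mailbox, so no other user's filtering changes
New-TransportRule -Name $ruleName `
    -Comments 'Scoped bypass: sender domain + DMARC pass + shared mailbox only' `
    -SenderDomainIs $senderDomain `
    -HeaderContainsMessageHeader 'Authentication-Results' `
    -HeaderContainsWords 'dmarc=pass' `
    -SentTo $sharedMailbox `
    -SetSCL -1 `
    -Mode Enforce

# Verify the conditions actually stored on the rule before relying on it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, SenderDomainIs, HeaderContainsMessageHeader,
                HeaderContainsWords, SentTo, SetSCL
```

The rule only matches mail whose From domain genuinely passes DMARC; a message that merely claims that domain without SPF/DKIM alignment still goes through normal filtering.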
