1

SMTP authentication

Mailing in same domain

This question is based on the answers provided above. The question is not how and why to authenticate server mails from same domain which makes it different, I want to know when it is appropriate to do so!

The security risk: [email protected] can send a mail to [email protected] and fake the From: adress to [email protected]. Now obviously the ip adress is logged and the person who faked the mail can be made responsible but maybe only after the damage has been done.

I would guess there is no need for a domain which is used by a single person or a very small group of people to authenticate the From part. But when is it appropriate? Should a very large company check if PersonA is really PersonA and not PersonC despite they are using the same domain @samecompany.com?

Improve this question

1 Answer 1

Reset to default
0

The 'when is it appropriate?' question is going to be company dependent. Some very small organisations may wish to authenticate senders, while some very large organisations may not.

It may be better to decide whom within the company should be authenticated. In the classic social engineering attack where by the finance person gets a fake email from the CEO demanding they transfer money to an account or risk getting fired, resulting in them sending money to an attackers account - it would have been appropriate for the CEO to have had their email account authenticated to prove it was them.

It could therefore be a suitable decision to decide to offer ways of authenticating key employees (using SMIME for example) such as the CEO, directors, and finance team. - Any outsourced finance companies would also be wise.

This may offer an acceptable risk level where by you are happy that key people can be authenticated, while the rest of the company are excluded and do not need the resource/training/finance overhead to deploy and manage.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.