Debian – Prevent from being spoofed by sendgrid

Tags: debian, postfix, sendgrid, spoofing

Recently we received an odd mail coming from address1@company.com to address2@company.com.

The problem is that address1 didn't send any email to address2. The email was sent using sendgrid.
Sendgrid has to be in our SPF due to the use of freshdesk which uses their system.

I was able to recreate the situation with the following:
– create a free sendgrid account with a fake email address (fake@company.com)
– send a transactional email from: fake@company.com (address1@company.com) to address2@company.com.
The email goes straight to spam but it is still delivered. However, I would like to reject this email.

I have DKIM for our principal server and Freshdesk (SendGrid), and SPF for our principal server and, once again, Freshdesk.

I tried to reject it with DMARC, but the email is still being delivered. At this point I'm out of ideas and I don't know what could be missing.

If the email is sent by freshdesk then it's signed by company.com and if it's spoofed like I mentioned above it will be signed by sendgrid which is generating their own DKIM keys (apparently).

Our server runs Postfix on Debian 9.
Thank you,
Diogo Jesus

Best Answer

SPF / DKIM / DMARC won't necessarily solve this problem. It is perhaps better to find a way of adding a header (tag) to the Freshdesk emails, so that you can use header checks to validate whether the email is genuine.

i.e.

email delivered via sendgrid and tagged with the secret freshdesk tag is genuine,

email sent via sendgrid without the tag is not and can be binned.
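The tag check described in the answer, sketched as an added example (not code from the original post or from Postfix). The header name `X-Helpdesk-Tag`, the secret value and the `sendgrid.net` relay marker are assumptions, and the sample messages are constructed.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: header name, secret and relay marker.
OUR_DOMAIN = "company.com"
TAG_HEADER = "X-Helpdesk-Tag"
TAG_SECRET = "REPLACE-WITH-LONG-RANDOM-VALUE"
RELAY_MARKER = "sendgrid.net"


def via_relay(msg):
    """True if any Received or DKIM-Signature header mentions the relay."""
    hops = (msg.get_all("Received") or []) + (msg.get_all("DKIM-Signature") or [])
    return any(RELAY_MARKER in str(h).lower() for h in hops)


def verdict(raw):
    """Return 'REJECT' for relay mail that claims our domain without a valid tag."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != OUR_DOMAIN or not via_relay(msg):
        return "PASS"  # not the case this check covers
    tags = msg.get_all(TAG_HEADER) or []
    # Require exactly one tag and compare it in constant time.
    if len(tags) == 1 and hmac.compare_digest(
        str(tags[0]).strip().encode("utf-8", "replace"), TAG_SECRET.encode()
    ):
        return "PASS"
    return "REJECT"


def sample(from_addr, extra=""):
    """Build a constructed test message relayed through the marker host."""
    return (
        "Received: from o1.mail.sendgrid.net (o1.mail.sendgrid.net [192.0.2.10])\n"
        "\tby mx.company.com (Postfix)\n"
        "DKIM-Signature: v=1; a=rsa-sha256; d=sendgrid.net; s=smtpapi\n"
        f"From: {from_addr}\nTo: address2@company.com\n{extra}"
        "Subject: test\n\nbody\n"
    )


if __name__ == "__main__":
    print(verdict(sample("address1@company.com")))  # untagged relay mail
    print(verdict(sample("address1@company.com", f"{TAG_HEADER}: {TAG_SECRET}\n")))
```

Postfix `header_checks` tables match one header at a time, so the "via the relay and tag missing" condition needs a content filter or milter that sees the whole header block, which is where a function like `verdict` would run.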
