Spoofing mails from webforms?

pascalbelgium · July 29, 2019, 1:03pm

Hi,
Before we had our own mailserver (SMTP) on our webserver, and all mails coming from different webforms on our Drupal website (contact form, order form, account registration form, …) were sent to us spoofed to look like the mails came from the email address filled in by the client in the form. This made it easy to answer these emails (just reply and the right address was being sent to) and it made it possible to attach these emails to the correct records in our CRM system (Act!).

But recently we’ve switched to MS Outlook online mailserver (competitor to Google Suite) and suddenly this isn’t possible anymore ?

Our webdesigners tell us that spoofing isn’t possible anymore, using SMTP … huh ?

How are we to fix these annoying processing problems with receiving feedback from our website then ? each individual mail mannually sorting and processing ? OMG !

Please tell me there is a way of fixing this …

Greetings
Pascal
Belgium

extramile_mike · July 29, 2019, 3:38pm

Not only that, but Office 365 is going towards forcing two factor authentication. As a workaround for apps (like your webserver) that don’t support 2FA, they are using app passwords. That pretty much locks the app to one account and won’t allow relays like it sounds like you were doing before.

pascalbelgium · July 30, 2019, 6:40am

so, how to do this then ?

TimHolus · July 30, 2019, 7:12am

I’m not sure. But maybe try starting with domain protection SPF, DKIM and DMARC.

LTS_Tom · July 30, 2019, 11:43am

This should help with the app passwords. Gsuite has a similar option and that is how we send our invoices.
https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords