SPF records. The real McCoy

Posted on May 11, 2010
Filed Under Improving Security, The Dangers | 1 Comment

If you’ve never heard of SPF (Sender Policy Framework), don’t worry, you’re probably not an email administrator. SPF was designed as an addition to the email system to prevent sender spoofing. In other words, allowing someone else to send an email pretending they are you.

As you can imagine, spammers don’t tend to use their real email addresses when informing you of their latest and greatest. They use other innocent people’s email addresses so that when the message bounces or fails (which often happens) then bounce comes back to…. you guessed it, you and not the spammer.

I only post this message today because one of our infrequently used domains has been used in such a manner this morning. I am getting a lot of bounces from russian email addresses informing me that my message has failed and I should retry / give up etc etc.. Mea culpa, I forgot to put an SPF record on that particular domain.

To clarify, SPF is a DNS record published by (in this case) my domain which informs any system that cares to look, which IP address is allowed to send mail on behalf of that domain. There are various levels of strictness  (have a look at the openspf wizard) but it basically boils down to that. A receiving email server can check this record, and if it doesn’t match what my DNS says, it can reject the email or do one of many locally set rules that the email administrator chooses.

Of course I’ve added this SPF record to this particular domain so let’s see how quickly it resolves.

Why is this on a social engineering blog? Well, if you correspond with people mainly via email then email is your reputation. Your email and / or domain can easily be blacklisted and through no fault of your own that reputation is tarnished. As our own customers sometimes find out

Of course, SPF is no magic bullet but it can help against random bot spoofing. There are other technologies such as DKIM and DomainKeys but these are harder for the general public to implement and are less common at this moment in time.

Comments

• Recent Posts

  • How safe is your credit card number with merchants?
  • GlobalSign Comodo Compromise
  • Would you send money to help a friend?
  • Your Valuable Information
  • Google SSL

• Archives

  • November 2011
  • March 2011
  • February 2011
  • May 2010

• Categories

  • Improving Security
  • Social Media
  • The Dangers

• Common Phrases

  boiler rooom email spoofing extended validation FSA geolocation Google SSL passwords PCI compliance personal details Personal Information phone fraud pinoptic pump and dump social engineering Social Media SPF ssl certificates ssl padlock telephone security twitter location visual password wep cracking wireless encryption

• Links

  
  
  
  
  Blog Directory Website Hacked? Salvage My Site

• About

  Ever had your personal details cloned? Worried about someone else spending money on your credit card? This site will attempt to identify and protect against the dangers of fraud.

• Search

• Admin

  • Register
  • Log in
  • XHTML