alanwilliamson

Just who is using the Sender Policy Framework (SPF) for determining the origins of email?

No doubt at some point you'll have received a spoofed email. A spoofed email is one that pretends to come from a source that it clearly doesn't. Phishing spam emails are a classic example of a spoofed email. We've seen them all from the likes of @paypal.com urging us to update our accounts, or from @ebay.com trying to get us to click on an unpaid disputed auction item.

Spoofed emails are something that I have learned to live with, but recently I have been a little concerned at the number of emails claiming to be from my own @blog-city.com domain, and even more alarmed to see them claiming to be from me! The cheeky gits!

You would think in this day and age there would be a way to validate whether an email came from the host it was purporting to be from. Well, fortunately there is, and it's called the Sender Policy Framework, or SPF.

This is a rather simple addition to your DNS that basically lists all the hosts that are allowed to generate email for that domain. Any host that you receive email from that isn't in that list is 99.999% spoofed - to be deleted!

While it is a simple addition for any DNS domain owner to add SPF support, it requires that your incoming mail server support SPF and actively check email for its origins. Looking at the list of implementations on the SPF site, all the major servers are covered, so there should be no excuse for anyone not to add it in.
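What that receiving-side check does with a published record, as an added example (not code from this post or from any mail server): it evaluates the connecting IP against the record's `ip4`/`ip6`/`all` terms, left to right, using result names from RFC 7208. The TXT strings and addresses are constructed, and `needs-dns` is this example's own label for terms that would require live DNS lookups.

```python
import ipaddress

# Qualifier prefix -> result name (RFC 7208); a term with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT answers for a hypothetical domain (documentation address ranges).
EXAMPLE_TXT = [
    "site-verification=constructed-value",
    "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
]

def find_spf(txt_records):
    """Return the one v=spf1 record among a domain's TXT strings, or None."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) > 1:
        raise ValueError("more than one SPF record published")
    return spf[0] if spf else None

def check_ip(txt_records, sender_ip):
    """Evaluate sender_ip against the record's terms, first match wins."""
    record = find_spf(txt_records)
    if record is None:
        return "none"                      # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                  # catch-all: always matches
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue                       # no match, try the next term
        # Any other term (a, mx, include, exists, ptr, redirect=, exp=) needs
        # DNS lookups, which this offline example does not perform.
        return "needs-dns"
    return "neutral"                       # nothing matched and no "all" term

if __name__ == "__main__":
    for addr in ("192.0.2.25", "2001:db8::1", "203.0.113.9"):
        print(addr, check_ip(EXAMPLE_TXT, addr))
```

The qualifier on the final `all` term is what decides the fate of mail from unlisted hosts: `-all` yields `fail`, while `~all` only yields `softfail`.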

As a quick exercise, I had a quick sniff around to see which domains actively produced an SPF record and which ones did not. I merely picked the ones I have received email from in the last 7 days. Some surprising results popped out.

Supporting SPF
@google.com
@gmail.com
@microsoft.com
@hotmail.com
@paypal.com
@ebay.com
@aol.com
@amazon.com
@ibm.com
@dell.com
@apple.com
@bbc.co.uk

Not Supporting SPF
@sun.com
@apache.org
@oracle.com
@cnn.com
@mysql.com
@nokia.com
@adobe.com
@yahoo.com

So if you are going to spoof an email, then you are going to have a wider reach posing as Larry Ellison instead of Bill Gates!

If you run a Zimbra email server you can easily add in SPF checking using the instructions on their wiki.

Alternatively, if you have Thunderbird, you may want to install the extension that performs the checking on your desktop.

I will switch on SPF in the next couple of days and monitor our spam intake and, hopefully, as a by-product we'll reduce the spam in other people's inboxes by removing the @blog-city.com spoof emails.


 
