05 Sep Email spoofing – What do you need to know.
We have all received at least one phishing email. And even though almost everyone has heard what phishing is, around 91% of cyber-attacks start with a phishing email. Systems are becoming more intelligent and they detect simple phishing emails. However, attackers are using even more mature techniques to avoid being caught by anti-spam systems and to trick a person into clicking a link and entering some information.
One of the techniques they use is email spoofing. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. It is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication.
A solution that sits on top of the SMTP protocol was introduced in 2003. Meng Weng Wong proposed to verify that the IP address sending the message was authorised to send emails on behalf of a domain. It’s called Sender Policy Framework (SPF). Basically, each time an email is received by a server, the server compares the IP of origin for the message with the IP addresses listed in the SPF record for the email’s domain. If they match, the email is delivered. If they do not match, the email is rejected.
If you want to check all the options that it provides, please refer to: http://www.openspf.org/SPF_Record_Syntax
SPF record from microsoft.com.
Almost a decade later, in 2012, the DMARC record came to work alongside SPF. A DMARC policy gives the receiver clear instructions to follow if an email does not pass SPF or DKIM authentication (i.e. reject or junk it). DMARC also tells receiving servers where they can send a report about failed messages. In other words, DMARC includes guidance on how to handle the “non-aligned” messages.
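The check described above, as an added example that is not part of the original post: a simplified Python model of a receiving server that evaluates only the ip4, ip6 and all mechanisms of an SPF record and then looks up the DMARC policy when the check does not pass. The records, addresses and function names are constructed for illustration; DKIM, alignment and DNS lookups are left out.

```python
import ipaddress

# Constructed sample records (documentation address ranges, not real data).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) need DNS lookups; skipped here.
    return "neutral"  # no mechanism matched


def dmarc_tags(record):
    """Split a DMARC record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def disposition(spf_result, dmarc_record):
    """Map a non-passing SPF result to the action the DMARC policy requests."""
    if spf_result == "pass":
        return "deliver"
    policy = dmarc_tags(dmarc_record).get("p", "none")
    return {"reject": "reject", "quarantine": "junk"}.get(policy, "deliver")
```

With the sample records, a message from 192.0.2.77 passes and is delivered, while one from 203.0.113.9 hits -all, fails, and is junked under p=quarantine.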
Implementing these two standards is relatively straightforward. Sometimes it can be a little bit tricky to understand how they work together, but the benefits are well worth your time.