As I'm sure you know, many organizations face email spoofing/spam/phishing/spear phishing as one of their major infection vectors these days. Sender Policy Framework (SPF), defined in RFC 4408, can help tremendously in combating this infection vector. SPF uses a DNS TXT record to specify which IP range(s) are permitted to send email as coming from a given domain. Its implementation is optimal. SPF's elegance is in its simplicity, and I would encourage organizations to consider implementing it if they haven't already.
To think about it through a concrete example, say I wanted to relay email and spoof the sender such that the email appears to be sent from someguy@example.com. If I'm attempting to relay email from a cable modem dynamic IP address, then I'm probably not a legit mail gateway for example.com. Implementing SPF instructs your mail server to perform this "reality check" before accepting the email. Seems straightforward, right? Exactly.
Wednesday, September 14, 2011