Wednesday, September 14, 2011

Sender Policy Framework

As I'm sure you know, many organizations face email spoofing, spam, phishing, and spear phishing as one of their major infection vectors these days. Sender Policy Framework (SPF), defined in RFC 4408, can help tremendously in combating this infection vector. SPF uses a DNS TXT record to specify which IP range(s) are permitted to send email as coming from a given domain. Its implementation is optimal. SPF's elegance is in its simplicity, and I would encourage organizations to consider implementing it if they haven't already.

To think about it through a concrete example, say I wanted to relay email and spoof the sender such that the email appears to be sent from someguy@example.com. If I'm attempting to relay email from a cable modem dynamic IP address, then I'm probably not a legit mail gateway for example.com.  Implementing SPF instructs your mail server to perform this "reality check" before accepting the email.  Seems straightforward, right?  Exactly.
