Home page logo

basics logo Security Basics mailing list archives

Re: Protection against fake mails
From: "Captain Bock" <captbock () gmail com>
Date: Thu, 10 Apr 2008 10:21:59 +0100

A few years ago, I needed to add an SPF record to my domains because
some banking servers required it.
I guess this was also an interesting solution.
Does someone know what's the state of the art of SPF?

On Wed, Apr 9, 2008 at 8:22 PM, Mark Owen <mr.markowen () gmail com> wrote:

 On Wed, Apr 9, 2008 at 12:37 PM, WALI <hkhasgiwale () gmail com> wrote:
 >  How do I guard against such emails originating from fake email
 > impersonations. Is there something I can do at our email gateway, proxy or
 > exchange sever (2003) levels?

 Basic protection is to only allow e-mail originating from your domain
 name to be allowed from a specific set of trusted mail servers.  This
 will protect you internally from fake e-mails spoofing your domain but
 will not block other spoofed domains.  Spoofed e-mails from other
 domains may be blocked by relying on reverse DNS lookup and comparing
 the resultant domain with that of the one specified in the e-mail, but
 this will also block misconfigured servers and some sites on shared
 hosting.  Long answer short, if you don't want to miss any e-mails
 then theres really not much you can do.

 What you can do to prove that your domain is not spoofed is to enable
 DomainKeys[1] on your server.  If everyone did this then blocking fake
 e-mails would be possible.

 Hope this helps.

 [1] http://en.wikipedia.org/wiki/DomainKeys

 Mark Owen

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]