Security Basics mailing list archives

Re: Protection against fake mails

From: "Captain Bock" <captbock () gmail com>
Date: Mon, 14 Apr 2008 15:17:28 +0100

Yeap.
That was my idea.
Even though there are no SPF specific record types, this is an
ingenious way to use the TXT type.
Also, this allows you to guarantee that all your mails come from a
"legitimate" server.
Although DNS spoofing can overide this warranty, your spam volume
would definitely decrease.

All the best

Captain Bock


After sending my first message I googled for SPF and found some of the
sources I used before. I guess this strategy is still a valid one.

On Thu, Apr 10, 2008 at 5:57 PM, Jens C. Laundrup <laundrup () verizon net> wrote:

If you Google SenderID you can read about it.  It is still in use and
 growing.  It is not a foolproof solution but it is another rock we can throw
 in the spammers' path.

 Cheers,


 -----Original Message-----
 From: securityfocus2 () googlegroups com
 [mailto:securityfocus2 () googlegroups com] On Behalf Of Captain Bock
 Sent: Thursday, 10 April, 2008 02:22
 To: security-basics () securityfocus com
 Subject: Re: Protection against fake mails


 A few years ago, I needed to add an SPF record to my domains because some
 banking servers required it.
 I guess this was also an interesting solution.
 Does someone know what's the state of the art of SPF?

 On Wed, Apr 9, 2008 at 8:22 PM, Mark Owen <mr.markowen () gmail com> wrote:
 >
 >  On Wed, Apr 9, 2008 at 12:37 PM, WALI <hkhasgiwale () gmail com> wrote:
 >  >  How do I guard against such emails originating from fake email  >
 > impersonations. Is there something I can do at our email gateway,
 > proxy or  > exchange sever (2003) levels?
 >  >
 >
 >  Basic protection is to only allow e-mail originating from your domain
 > name to be allowed from a specific set of trusted mail servers.  This
 > will protect you internally from fake e-mails spoofing your domain but
 > will not block other spoofed domains.  Spoofed e-mails from other
 > domains may be blocked by relying on reverse DNS lookup and comparing
 > the resultant domain with that of the one specified in the e-mail, but
 > this will also block misconfigured servers and some sites on shared
 > hosting.  Long answer short, if you don't want to miss any e-mails
 > then theres really not much you can do.
 >
 >  What you can do to prove that your domain is not spoofed is to enable
 > DomainKeys[1] on your server.  If everyone did this then blocking fake
 > e-mails would be possible.
 >
 >  Hope this helps.
 >
 >
 >
 >  [1] http://en.wikipedia.org/wiki/DomainKeys
 >
 >
 >
 >
 >  --
 >  Mark Owen
 >

Current thread:

Re: Port Monitoring Software, (continued)
- Re: Port Monitoring Software Charles H. Leggett (Apr 09)
- Re: Port Monitoring Software infolookup (Apr 09)
- RE: Port Monitoring Software Stachowicz, Mark (Apr 09)
- RE: Port Monitoring Software Mohamed Senan (Apr 09)
  - Re: Port Monitoring Software Jarrod Frates (Apr 09)
  - Protection against fake mails WALI (Apr 09)
    - Re: Protection against fake mails Ansgar -59cobalt- Wiechers (Apr 09)
    - Re: Protection against fake mails Mark Owen (Apr 09)
    - Re: Protection against fake mails Captain Bock (Apr 10)
    - RE: Protection against fake mails Jens C. Laundrup (Apr 10)
    - Re: Protection against fake mails Captain Bock (Apr 14)
    - Re: Protection against fake mails Jarrod Frates (Apr 12)
    - Re: Protection against fake mails vipw01 () gmail com (Apr 14)
    - Re: Protection against fake mails Jeff MacDonald (Apr 10)
    - RE: Protection against fake mails Jens C. Laundrup (Apr 10)
    - Re: Protection against fake mails Nick Owen (Apr 10)
    - RE: Protection against fake mails Craig Wright (Apr 14)
- Re: Port Monitoring Software Paul Halliday (Apr 09)
- Re: Port Monitoring Software Robert Larsen (Apr 14)