Re: email spoof


From: Rob Bordwell (atomicdawg_at_smtd.com)
Date: 11/12/04


Date: Thu, 11 Nov 2004 17:44:52 -0800

At the moment, you cannot stop spoofing on all mail servers throughout
the Internet. However, there is a push right now to get administrators
to support SPF (Sender Policy Framework). In a nutshell, here is how
SPF works:

The owner of a domain adds a specially formatted TXT record to his DNS
server. This text record lists what servers are allowed to send mail
for the given domain. Now, when a mail server receives email, the one
thing it knows for certain is the IP address of the server sending the
mail. So, when a server receives an email claiming to be from
jowblow@yourdomain.com, the mail server checks the SPF TXT record for
yourdomain.com. Is the IP address of the sending server listed as a
server that can send mail for yourdomain.com? If not, then it can be
considered a spoof.

So you ask, "What's the problem? How come everyone doesn't use SPF?"
The problem is that it is new and hasn't been embraced by everyone yet.
Not everyone has created SPF records for their domains. Most email
server software doesn't support SPF out of the box. Even if it did, you
wouldn't want to reject every email from a domain without an SPF record
because not everyone knows about SPF and most people haven't taken the
time to set up an SPF record for their domain.

But as time goes on, SPF will reach critical mass. Users will find
their email being rejected more times than not if their domain does not
have an SPF record. When that time comes, everybody will start getting
with the program.

For more information, check out the following:

spf.pobox.com

http://www.microsoft.com/mscorp/twc/privacy/spam/senderid/default.mspx

Microsoft has something called Sender ID. I think it used to be called
Email Caller ID. It adds something to SPF but I'm not sure how it
works. I suppose I should read my own link!

In article <1B17EFCF-6A64-45A1-8075-BED64E883A0F@microsoft.com>,
joe@discussions.microsoft.com says...
> Is there a way to prevent email spoofing? My user complains that people are
> calling her and asking why she sent certain messages. She confirmed with me
> that she never sent those messages. I think this is a case of email spoofing,
> right? I confirmed that her machine does not have a virus. I spoke with
> Trendmicro and Symantec and they say there is no way to avoid email spoofing.
> Are they correct? Is there anything I can do?
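
The SPF check described in the reply above, as an added example that is not part of the original post. It assumes a constructed `TXT_RECORDS` table in place of live DNS, handles only the `ip4`, `ip6` and `all` mechanisms, and `receiver_action` is a hypothetical local policy.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (documentation-range addresses).
TXT_RECORDS = {
    "yourdomain.com": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"],
    "softfail.example": ["v=spf1 ip4:203.0.113.7 ~all"],
    "nospf.example": ["unrelated verification text"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, mail_from, txt_records=TXT_RECORDS):
    """Evaluate the sending server's IP against the sender domain's SPF record."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    records = [r for r in txt_records.get(domain, [])
               if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"        # no policy published: nothing to check against
    if len(records) > 1:
        return "permerror"   # a domain must publish exactly one SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"      # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            # a, mx, include, redirect need live DNS and are left out here
            raise NotImplementedError(term)
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"         # no mechanism matched and no "all" term

def receiver_action(result):
    """Hypothetical local policy: only an explicit fail is treated as a spoof."""
    return "reject" if result == "fail" else "accept"
```

A domain with no SPF record yields `none`, which this policy accepts, matching the point in the reply that mail from domains without a record cannot simply be rejected.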


