16 Feb

    I just finished reading the most recent issue of the Barking Seal Newsletter (read it here).  A section that caught my interest talked about using DNS to thwart spammers, and specifically touched on the importance of using DNS to help mail servers perform sanity checks on incoming mail.  I think the mail server is an easily overlooked component when securing an infrastructure, and in this series of posts I'll talk about what steps you can take to secure it.

    Oftentimes you'll hear about worms or spammers that exploit open mail relays in order to send spoofed email.  I've never really understood the point of bothering to find an open relay when 90% of mail servers accept connections from anyone and do no form of sender validation on the connecting host (OK, 83% of statistics are made up on the spot, but seriously, it's a large percentage).

    That's where SPF records come into play.  It is very easy to send spoofed email to any domain whose mail server does not perform SPF validation, that is, compare the connecting client's IP address against the list of hosts that the owner of the sender's domain has published in DNS as allowed to send mail on its behalf.  The domain checked is the one in the message's envelope sender (the SMTP MAIL FROM, which ends up in the Return-Path header), not necessarily the From: address the user sees; authenticating the latter is what DKIM and DMARC are for.

    What does an SPF record look like?  Let’s take a look at Applied Trust’s…

    An SPF record is simply a TXT record in a special format.  The v=spf1 declares the version of the SPF record.  The ~all means "soft fail" for any source address not listed in the record: a receiving server will typically still accept such mail but mark it as suspicious or raise its spam score.  Alternatively you can use "-all" (hard fail) to tell receivers that no other address is authorised, so mail from anywhere else should be rejected outright.  Now let's look at the "a:mail-relay.atrust.com" part.  The "a:" mechanism says: look up the A record(s) of mail-relay.atrust.com, and if the connecting client's IP address is one of them, the check passes.  So let's look at mail-relay.atrust.com's A record:

    So we can see that mail claiming to come from atrust.com passes the SPF check when it arrives from source IP 63.173.189.2, while mail from any other address gets a soft fail.
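    To make the check described above concrete, here is a small SPF evaluator I've added for this post (it is not Applied Trust's code and not part of the original post).  It resolves names from a constructed in-memory table instead of real DNS: the atrust.com TXT value is assembled from the pieces of the record quoted above (v=spf1, a:mail-relay.atrust.com, ~all) and the A record value is the 63.173.189.2 shown above; the example.org entries are invented to exercise the ip4, mx and include mechanisms as well.  It goes a little beyond the post by handling those extra mechanisms and all four qualifiers, but it is deliberately not a full RFC 7208 implementation: no macros, no redirect= or exp= modifiers, and no HELO check.

```python
"""Minimal SPF (v=spf1) evaluator run against a constructed, offline DNS table.

Added example for this post; not Applied Trust's code.  Supports the
mechanisms all, a[:host], mx[:domain], ip4, ip6 and include, with the
qualifiers + - ~ ?.  Macros, redirect=/exp= modifiers and the HELO identity
are intentionally out of scope.
"""
import ipaddress

# Constructed stand-in for DNS.  The atrust.com/mail-relay.atrust.com entries
# follow the record fragments quoted in the post; example.org is invented.
DNS = {
    "atrust.com": {"TXT": ["v=spf1 a:mail-relay.atrust.com ~all"]},
    "mail-relay.atrust.com": {"A": ["63.173.189.2"]},
    "example.org": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 mx include:atrust.com -all"],
        "MX": ["mx1.example.org"],
    },
    "mx1.example.org": {"A": ["198.51.100.10"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rrtype):
    """Return the records of the given type for name from the constructed table."""
    return DNS.get(name.lower(), {}).get(rrtype, [])


def host_addresses(name):
    """Addresses the a: mechanism matches against: the host's A and AAAA records."""
    return [ipaddress.ip_address(a) for a in lookup(name, "A") + lookup(name, "AAAA")]


def spf_record(domain):
    """Return the domain's single v=spf1 TXT string, or None if there is not exactly one."""
    recs = [t for t in lookup(domain, "TXT") if t.split(" ", 1)[0] == "v=spf1"]
    return recs[0] if len(recs) == 1 else None


def check_host(ip, domain, depth=0):
    """Evaluate connecting address ip against domain's SPF policy.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:  # RFC 7208 caps DNS-causing terms at 10; treat overrun as permerror
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"  # no SPF policy published: nothing to check against
    ip = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version token
        qualifier = "+"  # mechanisms default to "+" (pass) when unqualified
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # ip_network accepts a bare address or a CIDR block; a version
            # mismatch (v4 address vs v6 network) simply does not match.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in host_addresses(arg or domain)
        elif mech == "mx":
            matched = any(ip in host_addresses(mx) for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            # include: matches only if the referenced domain's policy yields "pass"
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # unknown mechanism (or an unsupported modifier)
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides the result
    return "neutral"  # ran off the end without an "all" term


if __name__ == "__main__":
    for ip, domain in [("63.173.189.2", "atrust.com"), ("203.0.113.5", "atrust.com"),
                       ("198.51.100.10", "example.org"), ("63.173.189.2", "example.org"),
                       ("203.0.113.5", "example.org"), ("203.0.113.5", "nospf.example")]:
        print(f"{ip:>15} claiming {domain:<14} -> {check_host(ip, domain)}")
```

    Run it and you'll see 63.173.189.2 pass for atrust.com while any other address soft fails, exactly as the record above dictates; the example.org policy shows how the same address fails hard under "-all".  To inspect a real domain's policy, `dig +short TXT atrust.com` shows the record a receiver would evaluate; for production use, reach for a maintained library (pyspf, or the SPF support built into your MTA's milter) rather than this sketch.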

    For additional information on SPF records, or to set up a record for your domain, I suggest checking out Microsoft's SPF Record Wizard or the wizard from the OpenSPF project.

    The next post in the Secure Email Series will talk about setting up DKIM/DomainKeys verification for your domain, which are the primary methods used by Yahoo and Google to authenticate senders.

