spf Archives - Page 2 of 3 - LuxSci

Posts Tagged ‘spf’

Infographic: Steps to Avoiding Forged Email

Friday, February 12th, 2016

Forged emails are extremely common. Most of the time forged emails are merely a nuisance. However, if you accidentally share information with or click on a link from someone who sent a forged email, the results can devastate your goal or even your site, or, if it’s really evil, an entire computer. Here’s some information about how to recognize and stop forged emails.

How to Avoid Forged Email: Forged Email Facts & SPF Significance

Avoiding Forged Email. Significance of SPF


Email Identity Protection and LuxSci Email Hosting

Monday, March 9th, 2015

We have just completed a long series of articles discussing how attackers forge email messages and what technologies and techniques can be used to counter these attacks.  See: Email Identity and Forged Email.

In this post, we will discuss some best practices when using LuxSci to maximize your protection against forged email messages.


Stopping Forged Email 3: DMARC to the Rescue

Monday, March 2nd, 2015

We have recently looked at how hackers and spammers can send forged email and then seen how these forged messages can be almost identical to legitimate messages from the purported senders.  In fact, we learned that generally all you can trust in an inbound email message is the internet IP address of the server talking to your inbound email server — as this cannot realistically be forged in any way that would still enable you to receive the message.

In our previous two posts in this series, we examined how SPF and DKIM can be used to help limit forged email messages: SPF by validating that a message was sent by an approved server, based on the IP address delivering the email message to you, and DKIM by digitally signing messages.  We found that while SPF and DKIM can work, they have many significant limitations that cause them to fail or be insufficient to stop forgeries in many cases.

However, SPF and DKIM address the forgery problem in very different and, in many respects, very complementary ways. For this reason, many organizations use both technologies.

If you are using both technologies and you have a good amount of control over where your domain’s messages are coming from, then you can step up your game by using DMARC — Domain-based Message Authentication, Reporting and Conformance. 


Stopping Forged Email 1: SPF to the Rescue

Tuesday, February 17th, 2015

We have recently looked at how hackers and spammers can send forged email and then seen how these forged messages can be almost identical to legitimate messages from the purported senders.  In fact, we learned that generally all you can trust in an inbound email message is the internet IP address of the server talking to your inbound email server — as this cannot realistically be forged in any way that would still enable you to receive the message.

We know who the message says it is from and the address of the server that delivered it to us.  How can we reliably prevent fraud by checking if the message was forged or not?  Seems hard.

It turns out that there are a number (yes, more than one!) of techniques that can be used to do this.  The first and simplest is SPF – Sender Policy Framework.  Below, we shall look at what this does, how it works, how to set it up, and what some of its deficiencies are.  In future articles, we will look at the other techniques.

SPF – Sender Policy Framework: A Super Simple Explanation

Simply put, SPF is a way for the owner of a domain, such as bankofamerica.com, to publish information indicating what servers (Internet addresses) are authorized to send email from that domain.  Recipients (e.g. your spam filtering software) can check the Internet address that is trying to send you an email from bankofamerica.com against this authorization list — if it is on it, the message is probably legitimate; if not, it’s probably forged.


8 Ways to Protect yourself from Forged/Fake Email

Monday, January 26th, 2015

The Internet is rife with fake and forged email.  Typically these are email messages that appear to be from a friend, relative, business acquaintance, or vendor that ask you to do something.  If you trust that the message is really from this person, you are much more likely to take whatever action is requested — often to your detriment.

These are forms of social engineering — the “bad guys” trying to establish a trusted context so that you will give them information or perform actions that you otherwise would not or should not do.

Here we address some of the actions you can take to protect yourself from these attacks as best as possible.  We’ll present these in the order of increasing complexity / technical difficulty.

