Email spoofing details

Source: Internet
Author: User
Tags sender policy framework

0x00 background
Email spoofing technology can be used for phishing attacks.

That is, the administrator or it o & M department is forged to send emails to obtain trust so that the other party can open the accompanying Trojan file or reply to the sensitive information they want to obtain.

0x01 details

In SMTP protocol, the sender is allowed to forge the vast majority of sender feature information.

This leads to the possibility of forging emails sent by others.

There is also a website on the Internet that is more convenient to directly send forged Emails:

Http://emkei.cz/

0x02 defense

To prevent email spoofing, SPF occurs.

SPF (or Sender ID) is the abbreviation of Sender Policy Framework.

After you define the SPF record for your domain name, the recipient will determine whether the connected IP address is included in the SPF record based on your SPF record, it is regarded as a correct email; otherwise it is regarded as a forged email. Currently, most anti-spam systems support SPF filtering. This filtering will not be mistaken unless the email system administrator configures the SPF record incorrectly or omissions.

Domain key is proposed by Yahoo. Software and encryption technology must be used together, which is troublesome. Currently, not many are used. Currently, Google's support for domainkey is only added when sending emails, so that it is not required by yahoo to receive emails.

After correct settings, the mail header is generally displayed as follows:

Received-SPF: pass (google.com: domain of wordpress@your_domain.com designates 72.47.192.112 as permitted sender) client-ip=72.47.192.112;Authentication-Results: mx.google.com; spf=pass (google.com: domain of wordpress@your_domain.com designates 72.47.192.112 as permitted sender) smtp.mail=wordpress@your_domain.com

Is there a need to set SPF? It is generally considered that SPF is better, so it is helpful if any receiving server uses the SenderID mechanism to filter emails.

It is very easy to add SPF records. Simply add a TXT record to the DNS. You can use the following two SPF generation check tools:

Http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

Http://old.openspf.org/wizard.html

A: yes is generally the record of your domain name, because he may send an email, such as the Wordpress reply I mentioned above. Mx is usually yes, And the MX Server will return a message. Ptr: no, officially recommended. If an inlude may send a mail via an isp, and the isp has its own SPF record, enter the domain name of this isp. For example, if you use Google Apps, you should add include: google.com records because your emails are sent from the Google server. Ip4: Do you have any other ip addresses to send emails? If your smtp server is independent, enter your IP address or network segment .~ All: Except the above, none of them agree. Yes, of course.

How to view SPF records

Run the following command in DOS mode in Windows:

Nslookup-type = txt Domain Name

For Unix operating systems:

# Dig-t txt Domain Name

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.