0x00 background
Email spoofing technology can be used for phishing attacks.
That is, the administrator or it o & M department is forged to send emails to obtain trust so that the other party can open the accompanying Trojan file or reply to the sensitive information they want to obtain.
0x01 details
In SMTP protocol, the sender is allowed to forge the vast majority of sender feature information.
This leads to the possibility of forging emails sent by others.
There is also a website on the Internet that is more convenient to directly send forged Emails:
Http://emkei.cz/
0x02 defenseTo prevent email spoofing, SPF occurs.
SPF (or Sender ID) is the abbreviation of Sender Policy Framework.
After you define the SPF record for your domain name, the recipient will determine whether the connected IP address is included in the SPF record based on your SPF record, it is regarded as a correct email; otherwise it is regarded as a forged email. Currently, most anti-spam systems support SPF filtering. This filtering will not be mistaken unless the email system administrator configures the SPF record incorrectly or omissions.
Domain key is proposed by Yahoo. Software and encryption technology must be used together, which is troublesome. Currently, not many are used. Currently, Google's support for domainkey is only added when sending emails, so that it is not required by yahoo to receive emails.
After correct settings, the mail header is generally displayed as follows:
Received-SPF: pass (google.com: domain of wordpress@your_domain.com designates 72.47.192.112 as permitted sender) client-ip=72.47.192.112;Authentication-Results: mx.google.com; spf=pass (google.com: domain of wordpress@your_domain.com designates 72.47.192.112 as permitted sender) smtp.mail=wordpress@your_domain.comIs there a need to set SPF? It is generally considered that SPF is better, so it is helpful if any receiving server uses the SenderID mechanism to filter emails.
It is very easy to add SPF records. Simply add a TXT record to the DNS. You can use the following two SPF generation check tools:
Http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx
Http://old.openspf.org/wizard.html
A: yes is generally the record of your domain name, because he may send an email, such as the Wordpress reply I mentioned above. Mx is usually yes, And the MX Server will return a message. Ptr: no, officially recommended. If an inlude may send a mail via an isp, and the isp has its own SPF record, enter the domain name of this isp. For example, if you use Google Apps, you should add include: google.com records because your emails are sent from the Google server. Ip4: Do you have any other ip addresses to send emails? If your smtp server is independent, enter your IP address or network segment .~ All: Except the above, none of them agree. Yes, of course.How to view SPF records
Run the following command in DOS mode in Windows:
Nslookup-type = txt Domain NameFor Unix operating systems:
# Dig-t txt Domain NameStart building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
