No SPF record Fake sender _ technical article

0x01. Preface

SPF is known as the sender Policy framework, the sender policy frame.

Current email communication, or is using the Simple Mail Transfer Protocol (Simplicity Mail Transfer Protocol) protocol. SMTP is a very simple transport protocol and has no good security in itself. According to the rules of SMTP, the sender's e-mail address can be declared arbitrarily by the originator. SPF is to prevent the free forgery of the sender.

0x02. SPF Recording Principle

SPF record is actually a DNS record for the server

Suppose the mail server receives a message, the IP from the host is 173.194.72.103 and claims that the sender is email@example.com. To make sure that the sender is not forged, the mail server queries the example.com SPF record. If the SPF record setting for the domain allows IP to send mail to a 173.194.72.103 host, the server considers the message legitimate, or if it is not, usually either unsubscribe or mark it as a junk/phishing message. While the attacker could set the message from example.com, it was not authorized to manipulate example.com DNS records, nor could it falsify its own IP address. The Mail service provider verifies that SPF records are flagged as junk/phishing messages.

0x03. View SPF record 1 window:nslookup-type=txt domain (-qt=txt domain) 2

3 Linux:dig-t=txt Domain

0x04. Fake Mail URL

https://emkei.cz

Http://www.deadfake.com/Send.aspx

0x05. More information

http://drops.wooyun.org/papers/534

http://blog.csdn.net/zzban/Article/details/8997713

Http://www.renfei.org/blog/introduction-to-spf.html

http://www.wooyun.org/bugs/wooyun-2011-03257

http://www.wooyun.org/bugs/wooyun-2011-03116