No SPF record is set to forge sender

No SPF record is set to forge sender

0x01. Preface

SPF is called the Sender Policy Framework, that is, the Sender Policy Framework.

The current Email communication is still using the Simple Mail Transfer Protocol. SMTP is a very simple transmission protocol, and it does not have good security measures. According to SMTP rules, the sender's email address can be declared by the sender at will. SPF is designed to prevent random spoofing of senders.

0x02. SPF record Principle

The SPF record is actually a DNS record of the server.

Assume that the mail server received an email from the host with the IP address 173.194.72.103 and claimed that the sender was a email@example.com. To confirm that the sender is not forged, the email server queries the SPF record of example.com. If the SPF record of this domain is set to allow a host with a IP address of 173.194.72.103 to send an email, the server considers the email as legal. If the email is not allowed, it will usually return the email, or mark it as spam/counterfeit mail. Although attackers can set the email to be sent from example.com, they do not have the permission to operate the DNS records of example.com, nor can they forge their own IP addresses. The email service provider verifies the SPF record as spam/counterfeit mail.

0x03. View SPF records

Window: nslookup-type = txt domain (-qt = txt domain) linux: dig-t = txt domain

0x04. Counterfeit email URL

Https://emkei.cz

Http://www.deadfake.com/Send.aspx

0x05. More references

Http://www.bkjia.com/Article/201308/239873.html