Cybercriminals often send spoofed emails by forging the email address of a legitimate authority or of someone well known to us, usually for phishing or to spread malware. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are three technologies with which we can detect and prevent email spoofing. Let’s understand how SPF, DKIM, and DMARC help us in detecting and preventing email spoofing.
What is SPF or Sender Policy Framework?
SMTP, or Simple Mail Transfer Protocol, was first developed in 1982. At that time, it had very few security features. This was not much of a concern then, but it later became a major security problem, and a mechanism was needed to address it. SPF, or Sender Policy Framework, is an extension to SMTP that was developed to address the security concerns of email spoofing.
When an email is sent from one email address to another, the sending mail server first resolves the IP address of the receiving mail server. This is done through MX or Mail Exchanger records of the DNS. When the sending mail server makes a DNS query for the IP address of the receiving mail server, corresponding MX records containing the IP address of the receiving mail server are fetched from the DNS Servers.
In SPF, a reverse MX record is published in the DNS server by the sending mail server. As a result, whenever a receiving mail server gets an email from a sending mail server, the receiving mail server checks the SPF records with the DNS server and verifies whether the sending mail server is authorized to send an email using the domain’s email address.
In SPF, the domain owner publishes SPF records to DNS. The SPF records contain a list of IP addresses or subnets from which the sending mail server can send emails. So, if the IP address of the sending mail server does not match any of the IP addresses in the domain’s SPF records, the receiving mail server can detect that the sending mail server was not authorized to send the email. Hence, the received email is a spoofed email.