Email spoofing is the forgery of an email
header so that the message appears to have originated from someone or
somewhere other than the actual source. Distributors of spam often use
spoofing in an attempt to get recipients to open, and possibly even
respond to, their solicitations. However, spoofing anyone other than
yourself is illegal in some jurisdictions.
Email spoofing is
possible because Simple Mail Transfer Protocol (SMTP), the main
protocol used in sending email, does not include an authentication
mechanism (other than a Reverse DNS Lookup). Although an SMTP service
extension (specified in IETF RFC 2554) allows an SMTP client to
negotiate a security level with a mail server, this precaution is not
often taken. If the precaution is not taken, anyone with the requisite
knowledge can connect to the server and use it to send messages.
To send spoofed email, senders insert commands in headers that will alter
message information. It is possible to send a message that appears to
be from anyone, anywhere, saying whatever the sender wants it to say.
Thus, someone could send spoofed email that appears to be from you with
a message that you didn't write.
Although most spoofed email
falls into the "nuisance" category and requires little action other
than deletion, the more malicious varieties can cause serious problems
and security risks. For example, spoofed email may purport to be from
someone in a position of authority, asking for sensitive data, such as
passwords, credit card numbers or other personal information - any of
which can be used for a variety of criminal purposes. The Bank of
America, eBay, and Wells Fargo are among the companies recently spoofed
in mass spam mailings. One type of email spoofing, self-sending spam,
involves messages that appear to be both to and from the recipient.
It is also common for a virus to spoof email addresses in the address book
of your email program after infecting a PC. A mass-mailing worm can
select from a list of email subjects in the address book, message
bodies and attachment file names for its email messages. It spoofs the
sender name of its messages so that they appear to have been sent by
different users instead of the actual users on the infected machines.
Then when the message fails, public records would route the error back
to your inbox.
SMTP authentication requires a user to
have a user name and password to send a message through the email
server that your domain is hosted on. Any online user can spoof any
email address from any computer, but with SMTP authentication turned
on, they would not be able to send a message through your email server.
Large email providers are now filtering for SPF (Sender Policy
Framework), which does not accept a message unless it is verified by the
Domain Name Servers (DNS). However, there are still some servers that
do accept messages without SPF, and therefore it is still possible for
someone to spoof your email account.
We have already
taken measures to protect you from spoofing by adding a Reverse DNS
Lookup record and enforcing SMTP Authentication. However, you can take
this protection further by modifying your SPF record on your Domain
Name Servers to exclude any other email servers.
1. Log in to the Control Center at https://www.webcontrolcenter.com/domain.aspx
2. From DNS, click on DNS ZONE ADMIN and next click the GO button.
3. At the bottom, in the SPF RECORD area, click on the ADD RECORD button.
4. Click the YES button to modify the SPF record.
5. The default selection on the next window is I AM USING THE DEFAULT HOSTING SETTINGS. Click SAVE.
6. At this point, your record will look similar to this:
v=spf1 a mx/24 ip4:192.168.0.1 ?all
The “?all” part would accept email from all servers worldwide. Copy
this string and click on the ADD RECORD button again. Select YES and
select CUSTOM SETTINGS. Paste the string in the new field that shows up
and change the “?all” to “-all” so the string looks similar to this one:
v=spf1 a mx/24 ip4:192.168.0.1 -all
This will make your SPF record protect against email servers that are not
supposed to be sending email with your domain name on all recipient
mail servers that are filtering for SPF.
Messages may not be filtered properly when the recipient domain matches
the sending (spoofed) domain. A Domain Content Filter can be used as an Internal SPF Content Filter.
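The difference between the two records in step 6, as an added example that is not part of the original article: a minimal Python evaluator covering only the a, mx, ip4 and all mechanisms. The RESOLVED addresses and the 203.0.113.7 sender are constructed, and DNS is replaced by a lookup table so the code runs offline.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a term with no prefix means "+".
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The two records from the steps above.
DEFAULT_RECORD = "v=spf1 a mx/24 ip4:192.168.0.1 ?all"
STRICT_RECORD = "v=spf1 a mx/24 ip4:192.168.0.1 -all"

# Constructed stand-in for DNS: addresses the domain's A and MX hosts resolve to.
RESOLVED = {"a": ["192.168.0.10"], "mx": ["192.168.0.20"]}


def check_spf(record, sender_ip, resolved=RESOLVED):
    """Evaluate the a, mx, ip4 and all mechanisms for one sending IP."""
    if not record.isascii():
        # A typographic dash pasted in place of "-" is a syntax error.
        return "permerror"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        spec, _, cidr = mech.partition("/")
        name, _, value = spec.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name == "ip4" and value:
            hosts = [value]
        elif name in ("a", "mx") and not value:
            hosts = resolved.get(name, [])
        else:
            return "unsupported"  # outside the subset this example handles
        for host in hosts:
            net = ipaddress.ip_network(f"{host}/{cidr or 32}", strict=False)
            if ip in net:
                return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    outsider = "203.0.113.7"  # constructed address not listed in the record
    print("default:", check_spf(DEFAULT_RECORD, outsider))
    print("strict: ", check_spf(STRICT_RECORD, outsider))
```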
Article ID: 911, Created On: 7/12/2009, Modified: 7/20/2009