Email Spoofing – Ensure you have an SPF record set

I have been hearing quite a bit about email spoofing recently. Email spoofing is where spammers make their email appear to come from a legitimate source.

For example, if your domain name is freelance.co.uk, you may see email that seems to come from strangeperson@freelance.co.uk or any other email address using your domain name.

This doesn’t mean that someone has access to your mailboxes. Instead, the spammer has made it appear that his/her email comes from you.

All emails have hidden information, called headers, that describe where they’ve come from and say where they’re going. Spammers can fake an email’s headers so that it appears to come from your domain name. This is something that is simple to do because many mail servers do not perform authentication.

The spammers go on to send out hundreds of spam messages. Their favourite trick these days is to send out zip files that contain viruses. Recipients are encouraged to open the zip file to read something “important”.

You first know your address has been used by spammers because you start receiving lots of bounce-backs, the kind of message that says “your email could not be delivered because …”.

The good news is that the spoofed mail does not really come from you and does not affect day-to-day operations, so you can still send and receive genuine email as normal. Equally, your security is not compromised and your details have not been stolen.

The bad news is that there is actually nothing to stop these spammers doing this, and your domain can end up on email blacklists as a result!

Google Writes

“If you receive bounce messages for mail that appears to originate from your account, you find messages in Spam from ‘me,’ or you receive a reply to a message you never sent, you may be the victim of a ‘spoofing’ attack. Spoofing means faking the return address on outgoing mail to hide the true origin of the message.

When you send a letter through the post, you generally write a return address on the envelope so the recipient can identify the sender, and so the post office can return the mail to the sender in the event of a problem. But nothing prevents you from writing a different return address than your own; in fact, someone else could send a letter and put your return address on the envelope. Email works the same way. When a server sends an email message, it specifies the sender, but this sender field can be forged. If there is a problem with delivery and someone forged your address on the message, then the message will be returned to you, even if you weren’t the actual sender.”

Source: https://support.google.com/mail/answer/50200?hl=en

Blacklisting

If your domain is blacklisted as a result of activity by spammers, you can contact the owner of the email blacklist, explain what has happened and ask for your domain to be removed. This can be time-consuming if you are on several blacklists.

In order to be removed from a blacklist, you need to first find out if you are actually on one.

You can check your blacklisting status here: http://mxtoolbox.com

Just enter your domain name e.g. www.freelance.co.uk and it will display the result. If you do appear on any blacklists you will see a link to the site or sites that have blacklisted you.

Keep your domain safe with a valid SPF record

What is SPF? Digital Ocean Writes:

“Sender Policy Framework (SPF) is an email validation system designed to prevent spam by detecting email spoofing. Today, nearly all abusive e-mail messages carry fake sender addresses. The victims whose addresses are being abused often suffer from the consequences, because their reputation gets diminished, they have to waste their time sorting out misdirected bounce messages, or (worse) their IP addresses get blacklisted.”

The non-technical route

Simply contact your website hosting provider, by telephone or by raising a ticket through their support system, and ask them to make sure that your domain has a valid SPF record.

An SPF record only works if the email recipient’s server checks for it, so in some rare cases the spam email might still get through. However, the majority of hosting providers do support SPF and it works.

For those who want to know more …

To find out more about the technical workings of the SPF record and how to implement one manually yourself, visit Digital Ocean.
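
As an added example (not from the original post or from Digital Ocean), this Python function shows what a “valid” SPF record means in practice by auditing a domain's TXT records against the rules in RFC 7208. The sample records and the example.net names are constructed placeholders.

```python
import re

# Terms that each cost the receiving server one DNS lookup (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Return a list of problems; an empty list means the SPF policy is usable."""
    spf = [r for r in txt_records if re.match(r"v=spf1( |$)", r, re.I)]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["more than one SPF record: receivers return a permanent error"]

    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    terms = spf[0].split()[1:]
    for position, term in enumerate(terms):
        match = re.match(r"([+\-~?]?)([a-z0-9]+)", term, re.I)
        if not match:
            problems.append(f"unparseable term: {term}")
            continue
        qualifier, name = match.group(1) or "+", match.group(2).lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        has_redirect = has_redirect or name == "redirect"
        if name == "all":
            all_qualifier = qualifier
            rest = terms[position + 1:]
            if any(not t.lower().startswith("exp=") for t in rest):
                problems.append("mechanisms or redirect after 'all' are never used")
            break  # 'all' always matches, so evaluation stops here

    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms: over the limit of 10")
    if all_qualifier is None and not has_redirect:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        problems.append("'+all' authorises every sender, spoofers included")
    elif all_qualifier == "?":
        problems.append("'?all' is neutral: unlisted senders are not flagged")
    return problems

# Constructed sample TXT record sets (example.net names are placeholders).
SAMPLES = {
    "good": ["site-verification=constructed", "v=spf1 mx include:_spf.example.net -all"],
    "missing": ["site-verification=constructed"],
    "open": ["v=spf1 mx +all"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, audit_spf(records) or "OK")
```

To audit a live domain, pass in the strings returned by `dig +short TXT yourdomain` with the surrounding quotes removed.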

I hope this helps. It is never nice to think that spammers are using your email address, but adding an SPF record certainly makes a difference. Plus, once they know the SPF record is there, they will realise that use of your email address is futile.
