|SPF: More Important Now than Ever|
|Written by Save the Mail!|
|Thursday, 29 April 2010 16:20|
Currently in its last day, Infosecurity Europe has attracted nearly 12,000 information security professionals to the 3 day UK event as well as many of the key industry players in the region. In the mix is Cisco IronPort’s product manager Swastik Bihani – who took some time out Tuesday to check in with UK computing magazine PC Pro. Among the hot talking points – spam.
We’ve been alluding to it, if not outright screaming it in some of our most recent posts here on Save the Mail, but if you haven’t heard it yet we’ll say it again: “spam” (as we know it) is changing.
And according to Cisco’s Bihani, scammers are not only getting smarter, but their “finished product” is only becoming more dangerous.
Historically spam has been viewed as a nuisance rather than a real danger, but according to Bihani 85% of the messages processed by IronPort now contain some kind of link – and increasingly these links are directed to malware infected sites of some kind.
One of Bihani’s key recommendations: implementing SPF (Sender Policy Framework) for companies.
SPF is in essence an email validation system that seeks to prevent unwanted, dangerous email from spoofed source addresses.
The concept first took flight in 2002 and by 2004 had morphed into the SPF system that is more or less in place today.
How it works (in sum): administrators specify which hosts are allowed to send email from a given domain by creating a specific DNS SPF record in the public DNS. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators. (thank you Wikipedia for this very condensed version)
Most mail servers support SPF, but if for any reason yours doesn’t – there are also a number of extensions that you can deploy that will. In addition, most major email protection solutions on the market also support SPF. (A list of some of the Mail Servers, extensions and programs that support SPF can be found here.)
If you are not currently relying on an SPF check as part of your broader email system protection plan, consider turning this feature on (or switching to a product that supports SPF) right away. It is a simple way to make your email safer immediately – and as spam threats continually worsen, a necessity for every company.
|Last Updated on Thursday, 29 April 2010 16:42|