Email is one of the most used applications for Communication today. So how the fluke do you secure it.
Well, this is the task I had to go and find out this week after receiving some potentially very destructive phishing emails, the emails looked so real that if the user did not pick up slight changes in the mail we would have had a hefty price to pay.
There are three Technologies which I found can assist very quickly with this:
This Validates the Server Sending the Email
Can improve mail deliverability on Corporate Domains
This checks if the mail was tampered with prior to receiving it
This is a combination of both above-mentioned protocols
Let’s Kick off with SPF
Sender Protocol Framework is a method of checking if the server that is sending the mail has permission from the domain to send the mail. This does not stop the mail from being sent it just marks the mail as Authorized or not Authorized.
It is Important to note there are two sides to this:
- The Sending Domain must make sure their mail servers are Authorized to send mail
- The Receiving Domain can choose what to do with the mail depending on the Verification Result
So how does this work?
The Sending Mail Server has an IP address of 18.104.22.168 once the mail server sends out the mail it has something called an Envelope Header this contains various data for the mail to be sent. The Receiving Server uses this to extract the return-path, from the return path it takes the domain section and queries for a TXT Record for the SPF Records. The Originating IP gets validated against this record and a Verification code then gets generated where the receiving server can decide what to do with the mail.
What type of Verification Result is generated?
|None||No Record Exist|
|Neutral||Domain owner does not want to give the IP address which is Authorized|
|Pass||All records are found and validated|
|Fail||IP Address does not have permission from the domain|
|Softfail||The IP address might be authorized|
|TempError||An error occurred while doing the SPF check|
|PermError||The record is present but there is something wrong with it|
How Do You Setup SPF
To Setup SPF for your Domain sending is quite easy. You Log onto your CPanel where your DNS is hosted. Within the DNS Section first, check if you do not have an existing SPF if not add a TXT Record and Populate it with the correct Data.
For all the Information on how the SPF Records can be populated yo,u can browse the following link http://www.openspf.org/
The Way that I read it is to read it like you would read a sentence. As an Example take the below SPF Record. I know it sounds simple but it makes sense if you get confused on the syntax.
Very important the “All” is Always last in the Syntax.
|TXT||v=spf1 include:spf.protection.outlook.com –all|
This basically reads:
|v=spf1||Use SPF Version one|
|Include:spf.protection.outlook.com||Include these servers as authorized servers|
|-All||Any Other Servers is not allowed|
By Default, if there is no Mechanism in front of any other Mechanism it uses “+”
The four basic Mechanisms are:
There are tools available if you need assistance to with creating or Testing SPF.
Check the Syntax is correct: https://www.kitterman.com/
Build SPF Syntax: https://www.spfwizard.net/
Check Domain Health for Errors: https://mxtoolbox.com/
Receiving Mail with SPF
This is dependent on the exchange server you are running if it accepts SPF or not. Most Corporate environment should have this in place. This is where you receive the Verification result back and you can choose what to do with mail received. For your public domain like Gmail yo,u should see a big question mark on any mail that is suspected. This won’t be blocked but notification will be raised.
An Example would be:
|None||Take No Action|
|Neutral||Take No Action|
|Soft Fail||Accept but check Spam Filtering|
|PermError||Accept but check Spam Filtering|
|TempError||Accept but check Spam Filtering|
This is actually a very simple way to make sure your mail gets through to other corporate environments as well as blocking any potential harmful mail.