Penetration Testing mailing list archives
how effective are SPF records for preventing identity theft?
From: Nacho <listasdecorreo () lascartasdelavida com>
Date: Tue, 10 May 2005 11:40:42 +0200
Hi, I'm not sure if this issue is a bit "off topic" in this list, sorry if it is.

Well, the problem I have is that from time to time I receive mail bounces of spam messages that were sent using an email address of my domain, I mean they just wrote my email address in the "From" field, they didn't use my server to send any message; and indeed those emails don't exist, but they get to me through a "catchall" email address.

So I thought of putting an SPF record (http://spf.pobox.com/) on the DNS of my domain, saying that the only server authorised to send mail coming from my domain is the one I use. But I wonder if this will be really effective or if there is a better solution to this problem... I suppose the best would be to PGP sign all my outgoing mails, but my customers are in no way used to receiving signed mails and I'm sure they would be confused by this...

I thought maybe somebody in this list could point me to a solution for this problem. Also, do you know if an SPF record could cause me trouble if, for example, my ISP changed the IP of the mail server I use but they don't update my SPF record? I'm worried that the solution could be worse than the problem itself... I have had so many problems in the last months with issues related to mail, spam and virus filters... I think a few years ago there was no problem at all with these issues...

Thank you for your help.

Best regards:
Nacho

--
No book comes out of a vacuum (G. Buehler)
http://www.lascartasdelavida.com
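An added example, not part of the original post: a small evaluator for a subset of SPF (`ip4`, `ip6`, `include`, `all`) showing how a receiver would judge a forged sender, and what happens to legitimate mail when the sending server's IP changes but the record does not. The function name `check_spf`, the `ZONE` table, and all domains and addresses are constructed assumptions; the `include` case goes beyond the single-IP record the post describes.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT data standing in for DNS (documentation domains and addresses).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.10 -all",            # pins one server IP
    "soft.example.com": "v=spf1 ip4:192.0.2.10 ~all",       # same, but softfail
    "delegated.example.com": "v=spf1 include:_spf.isp.example -all",
    "_spf.isp.example": "v=spf1 ip4:198.51.100.0/24 -all",  # maintained by the ISP
}

def check_spf(client_ip, domain, zone=ZONE, depth=0):
    """Evaluate a subset of SPF (ip4, ip6, include, all) for a connecting IP."""
    record = zone.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1" or depth > 10:  # simplified lookup limit
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_spf(client_ip, arg, zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # any other inner result means "no match"
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

if __name__ == "__main__":
    print(check_spf("192.0.2.10", "example.com"))              # authorised server
    print(check_spf("203.0.113.77", "example.com"))            # forged sender elsewhere
    print(check_spf("198.51.100.25", "example.com"))           # server renumbered, record stale
    print(check_spf("198.51.100.25", "delegated.example.com")) # record follows the ISP's own
```

These results only affect mail at receivers that actually check SPF; a receiver that does not check it will still accept the forged message and may still bounce it.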