Wednesday, 1 June 2011

Email spoofing - make sure you are protected

No its not a comedy sketch :)

If you receive bounced emails for emails you haven't sent, then its highly likely your email has been spoofed.

It simply means that someone has used your email address as a return address to send out spam. So you are the one receiving bounced emails and complaints about you spamming when you haven't done anything!!

Blacklisted
It can be very bad for your business, not just in wasted time deleting the emails and denting your reputation. But your email server can also be at risk of being black listed - effectively saying beware, you are a spammer. The blacklists are used by anti-spam programs, blocking delivery of email.

Unfortunately, it is very easy to send email pretending to be you.

Fortunately, there is an easy way to significantly reduce the amount of spoofing - the Sender Policy Framework (SPF)

SPF
It works like this - when an email is received, the email server checks for an SPF record for your domain. The SPF record contains rules that says, only accept email sent from this domain(s). So if an email is received from any domain that's not in the rules, then it will be rejected.

Check to see if your domain already has a SPF record by using this tool, replacing russellengland.com with your domain name without the www. (yourdomainname.com not www.yourdomain.com)
http://www.mxtoolbox.com/SuperTool.aspx?action=spf%3arussellengland.com

If you already have an SPF record then great!!! You are already protected and don't need to do anything.

If you don't, then you need to create one ASAP!

Get the SPF text
First you need to get the SPF rules for your email server. This will look something like "v=spf1 a ~all".

If you are using Google Apps for your email then get the SPF text from
http://www.google.com/support/a/bin/answer.py?answer=178723

Or if your host has a cpanel, then look for "Email Authentication" - this will do it all for you and you don't need to follow "create an spf record" below.

Otherwise generate SPF text from
http://old.openspf.org/wizard.html?mydomain=example.com

Create an SPF record
Once you have the SPF text you will need to create a TXT record in your DNS settings.

Log into your host or domain registry. Every host is different, so I can't give specific instructions - look for something that says DNS management. There should be an option to create a DNS record. Create a TXT record and enter the text you generated above. Once you have saved this, it will take a few hours for the web to catch up. Once it has, the spoofing will significantly reduce. I say reduce, because there are a minority of email servers that don't use SPF.

If you are not sure where your DNS settings are, then you need to do a bit of detective work. Use this tool, again replacing russellengland.com with yourdomainname.com
http://www.mxtoolbox.com/SuperTool.aspx?action=whois%3arussellengland.com
Look for "domain servers" and this should give you a clue who manages your DNS - for my domain its hostgator.com, so I need to log into hostgator.com to change my DNS settings.

Hope this has helped :)

No comments:

Post a comment