Basic knowledge of 'SPF record' that protects users from spoofed emails



Emails from acquaintances and well-known companies tend to be trusted unconditionally, but in reality anyone can easily forge the sender's email address. 'Spoofed emails' have long been used to lure users to malicious websites and to spread malware. The mail service OhMySMTP explains the 'Sender Policy Framework (SPF)', a mechanism that protects users from such spoofed emails.

What's an SPF Record? --Ultimate Guide to Email | The Official OhMySMTP Blog
https://blog.ohmysmtp.com/blog/whats-an-spf-record/

Unlike social networking services (SNS) and chat, email lets anyone easily fake the sender's address, and email itself has no built-in way to verify the sender. OhMySMTP points out that spoofed emails exploiting this property were confirmed as early as 1978. Spoofed email has remained a major attack vector for over 40 years: in 2020 the Information-technology Promotion Agency (IPA) warned of attacks that attach viruses to spoofed emails.

About emails aimed at infection with the 'Emotet' virus: IPA Information-technology Promotion Agency
https://www.ipa.go.jp/security/announce/20191202.html



'SPF' is one of the mechanisms developed to prevent such spoofed emails. SPF uses DNS to compare the 'server that actually sent the mail' with the 'servers associated with the domain in advance', and thereby confirms that the sender email address is not spoofed. The 'domain-to-server association' used by SPF is called an SPF record.

The SPF record is registered as a TXT resource record in the zone file of the domain's DNS server. The basic format, assembled from the components OhMySMTP describes, is 'v=spf1 ip4:192.168.0.1 ~all', and OhMySMTP explains each component in detail:

- 'v=spf1': Tells the mail client that the record is SPF version 1.
- 'ip4:192.168.0.1': An IP address that is allowed to send email using the domain; several may be listed, separated by spaces. Besides a single IP address, the value can be written as an address range, or the allowed senders can be designated by domain name or by another DNS record.
- '~': One of the qualifiers used in SPF, which defines how to handle email from the IP addresses or domains written to its right. '+' treats the mail as legitimate, '-' as invalid, '~' as likely invalid, and '?' as unspecified.
- 'all': Matches all sending addresses.

OhMySMTP explains that when a mail client receives an SPF record, it evaluates the record from left to right. For the example record, it first evaluates whether the mail's sender IP address matches 192.168.0.1 and, if not, whether it matches the next term, 'all'. According to the qualifier of the matching term, the mail is then accepted, rejected, or sorted into spam.

Since SPF has a long history, having been formulated as 'RFC 4408' in 2006, there are many other explanations of it.

About SPF record release | NTT DATA
https://www.nttdata.com/jp/ja/info/spf/

SPF (Sender Policy Framework): Junk E-mail Countermeasures Committee
https://salt.iajapan.org/wpmu/anti_spam/admin/tech/explanation/spf/#100

However, there are techniques that let spoofed emails evade SPF-based detection, so it is important to combine SPF with other authentication technologies such as DKIM and DMARC.

Google's Gmail / G Suite reports vulnerabilities related to spoofed emails --GIGAZINE
https://gigazine.net/news/20200821-gmail-gsuite-vulnerability/

Posted by darkhorse_log in Software, Security