About Me
Chris Barton
Having been with "big red" since the Dr Solomons acquisition Chris has seen many come and go but is never content to be ...
Feeds & Podcasts
Blogs
- Consumer (478)
- Corporate (155)
- Enterprise (466)
- McAfee Labs (1126)
Meet the Bloggers
- Abhishek Karnik
- Adam Pridgen
- Adam Wosotowsky
- Aditya Kapoor
- Ahmed Sallam
- Alex Hinchliffe
- Allysa Myers
- Anil Ramabhatta
- Anindita Mishra
- Anna Stepanov
- Apurv Anand
- Arun Pradeep
- Arun Sabapathy
- Avelino Rico Jr
- Ben Edelman
- Bhaskar Krishna
- Bing Sun
- Brad Antoniewicz
- Brant Yaeger
- Brenda Moretto
- Brian Kenyon
- Brian Mann
- Carlos Castillo
- Cedric Cochin
- Chen Yu
- Chintan Shah
- Chris Barton
- Craig Schmugar
- Cyber Mum Australia
- Dan Sommer
- Dave Klenske
- David Marcus
- David Rayhawk
- David Scharoun
- Dennis Elser
- Denys Ma
- Di Tian
- Dirk Kollberg
- Dmitry Gryaznov
- Dr. Phyllis Schneck
- DThakkar
- Editor
- Elodie Grandjean
- Eric Peterson
- Eric Schou
- Federico Barbieri
- Felix Martinez
- Francie Coulter
- Francisca Moreno
- Francois Paget
- Gabriel Acevedo
- Gaith Taha
- Gary Davis
- Gavin Struthers
- Geok Meng Ong
- Georg Wicherski
- George Kurtz
- Gert Jan Schenk
- Girish Pillai
- Guilherme Venere
- Haowei Ren
- Harish Garg
- Hiep Dang
- HongZheng Zhou
- Igor Muttik
- James Duldulao
- James Galpin
- Jan Volzke
- Jeremy Gilliat
- Jim Walter
- Jimmy Kuo
- Jimmy Shah
- Joe Telafici
- Joel Spurlock
- Joey Koo
- John Dasher
- Jon Paterson
- Jonathan Zdziarski
- Juan Bocanegra
- Karthik Raman
- Kevin Beets
- Kevin McGhee
- Kevin Watkins
- Kim Eichorn
- Lang Tibbils
- Latha Ramasamy
- Lianne Caetano
- Lokesh Kumar
- Madhurima Pawar
- Marc Olesen
- Marius van Oers
- Mark Olea
- Matthew Wollenweber
- Meirgen Krehs
- MFEChannelChief
- Micha Pekrul
- MihwaLee
- Mike Price
- Mohinder Gill
- Monty Ijzerman
- Nandi Kishore
- Navtej Singh
- Neha Joshi
- Nick Kelly
- Nikfar Khaleeli
- Nishad Herath
- Nitin Jyoti
- Nitin Kumar
- Oliver Devane
- PageOne Pr
- Paolo Palumbo
- Paras Gupta
- Patrick Comiotto
- Patrick Knight
- Paula Greve
- Pedro Bueno
- Peter Meyer
- Peter Szor
- Pradeep Govindaraju
- Prajwala Rao
- Prashanth PR
- Rachit Mathur
- Rafal Wojtczuk
- Rahul Kashyap
- Rahul Mohandas
- Raj Samani
- Ravi Balupari
- Rizwan Husain
- Robert Ross
- Robert Siciliano
- Rodney Andres
- Romain Levy
- Rusty Carter
- Ryan Permeh
- Sam Masiello
- Schalk Cronjé
- Seth Purdy
- Shane Keats
- Shannon Cole
- Sharath Veerabhadraswamy
- Shinsuke Honjo
- Simon Cooper
- Simon Hunt
- Stephen Karkula
- Stina Wikstrom
- Stuart McClure
- Sudarshan Swamy
- Swapnil Pathak
- Tad Heppner
- Ted Rooney
- Tim Fulkerson
- Todd Gebhart
- Toralv Dirro
- Tracy Mooney
- Tracy Ross
- Ugur Sahsi
- Umesh Wanve
- Varadharajan Krishnasamy
- Vinay Mahadik
- Vinoo Thomas
- Vitaly Zaytsev
- Vivek Chudgar
- Vu Nguyen
- Wei Wang
- Xiao Chen
- Xing Su
- Yang Zhang
- Yichong Lin
- Zhedong Chen
- Zhu Cheng
Archive
- February 2012 (18)
- January 2012 (47)
- 2011 (482)
- 2010 (431)
- 2009 (395)
- 2008 (294)
- 2007 (416)
- 2006 (169)
Tags
#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity
Spammers got a free pass?
|
|
Terry Zink has found a spammer that had a valid SPF record and managed to get his advertisement into his field of attention. I don’t buy the “not that it helps” bit since it got as far as his blog 
and after all anyone sending from this domain would get an SPF PASS when tested and would require further testing of its legitimacy and content.
I’ll get back to my point; This is not an “odd” thing!…
Schalk did a study some time ago on SPF but neglected to point out one important statistic that Terrys post reminded me about. Nearly 9% of the SPF records in his study were +all records. An SPF record of +all means anyone can send email for a domain, and the study covered what we term “domains in focus” (basically domains that we’ve seen used pretty recently and kept an eye on). We’ve kept an eye on this sort of thing for a long time since spammers were the first to adopt SPF for obvious reasons (+all loophole being the main one).
So for anyone that has got this far and doesn’t see the point yet… +all SPF records mean “I don’t care” 
I firmly believe that not enough domain owners publish SPF records, so here is a quick guide to SPF for the-little-guy (All you big companies already have them right?).
Situation 1 – Your domain is hosted on a cpanel account (other $5/month hosting products are available) or your a single server company handling your own inbound mail :
"v=spf1 mx -all"
This SPF record says: Only my mail server can send mail for my domain.
Situation 2 – Mail is routed out (smarthosted) by your ISP:
"v=spf1 mx a:smtp.example.com -all"
This SPF record says: Only my mail server and the host smtp.example.com can send mail for my domain.
or
"v=spf1 mx ip4:172.16.25.25 -all"
This SPF record says: Only my mail server and the host with the IP address 172.16.25.25 can send mail for my domain.
or
"v=spf1 mx redirect:example.com -all"
This SPF record says: Only my mail server and any SPF host for example.com can send mail for my domain.
So there you go. That’s how you can help protect your domain from being forged by spammers. All we need to do now is have the rest of the world check them. Shoot anyone with a +all record type and convince any online auction and payment processing sites to make theirs less broken, so it actually works too (RFC 4408,10.1/6) .
|
|
Comments (1)
The description of both situations needs to also say, “and we don’t send email to users with North American ISP, university, or large publicly available email addresses (or don’t mind if the email we do send them don’t reach their destination).”
Submit your own comments / message for this post