Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

how effective are SPF records for preventing identity theft?

from [Nacho] Network Security [Permanent Link]
Subject: how effective are SPF records for preventing identity theft?
Date: Tue, 10 May 2005 11:40:42 +0200 
Hi,

I'm not sure if this issue is a bit "off topic" in this list, sorry if it is.

Well, the problem I have is that from time to time I receive mail bounces of
spam messages that were sent using an email address of my domain, I mean they
just wrote my email address in the "From" field, they didn't use my server to 
send any message; and indeed those emails don't exist, but they get to me 
through a "catchall" email address.

So I thought to put a SPF record (http://spf.pobox.com/) on the DNS of my
domain, saying that the only server authorised to send mail coming from my
domain is the one I use.

But I wonder if this will be really effective or there is a better solution to
this problem... I suppose the best would be to PGP sign all my outgoing mails,
but my customers are in no way used to received signed mails and I'm sure they
would be confused by this...

I thought maybe somebody in this list could point me to a solution for this
problem, also, do you know if a SPF record could cause me trouble if for
example my ISP changed the IP of the mail server I use but they don't update
my SPF record? I'm worried that the solution could be worse than the problem
itself... I have had so much problems in last months with issues related to
mail, spam and viruses filters... I think a few years ago there was no
problem at all with this issues...

Thank you for your help.

Best regards:

Nacho


-- 
No book comes out of a vacuum (G. Buehler)
http://www.lascartasdelavida.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • how effective are SPF records for preventing identity theft?, Nacho <=
Previous by Date:  Re: DDos within a pentest, Jose Maria Lopez Hernandez
Next by Date:  ISO: Penetration Test Hardware Vendor, Dan Berberich
Previous by Thread:  AW: DDos within a pentest, Julian Totzek
Next by Thread:  ISO: Penetration Test Hardware Vendor, Dan Berberich
Indexes:  [Date] [Thread] [Top] [All Lists]