Improperly Configured Servers Make Spoof Emails Easier to Send

Spoofing an email address is the practice of sending a message to a recipient and making it look like it came from a respectable domain name rather than the domain from which it actually originated. For example, somebody sending emails with attachments that contain malicious code could increase the odds that his or her victims will open the attachments in question by making it look like the messages were sent from a respected domain name such as microsoft.com or yahoo.com. While administrators for these two particular sites have undoubtedly already taken preventative measures to stop attackers from spoofing emails from their domain names, a Swedish web security firm recently discovered that over half the sites they tested had not.

Poor Authentication

The problem with the sites that the security firm identified as being at risk from spoof messages was poor email authentication. The test they performed involved pinging each server to determine whether it had an effective Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) system in place. Both of these authentication technologies make it much harder for spoof emails to be sent. SPF records make it easier for recipients to verify whether a particular email came from an authorised server, and DMARC serves much the same purpose, allowing recipients to check not just that an email was sent from an authorised domain but also whether it has been modified during transport.

Sites that have neither of these authentication systems in place or that have limited their functionality are more vulnerable to having their domains spoofed by senders of emails with malicious code attached. It is incumbent upon all domain administrators to take adequate measures to curtail spoofing as not only could they be putting others at risk by failing to do so, they may also jeopardise their own good names in the event that spoof emails are allowed to reach their intended targets.
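The kind of check described above can be sketched offline. The following is an added example, not code from the security firm or from MailCleaner: it grades a domain's SPF record and the DMARC record published at `_dmarc.<domain>` from their TXT strings. The function names, the grade labels and the sample domains and records are assumptions constructed for illustration, and the records are passed in as strings rather than fetched over DNS.

```python
# Added example: grade SPF and DMARC TXT records offline. All records are constructed.

def spf_all_qualifier(txt_records):
    """Return fail/softfail/neutral/pass/redirect, or None without exactly one SPF record."""
    found = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(found) != 1:  # none published, or several (a permerror under RFC 7208)
        return None
    terms = found[0].lower().split()[1:]
    for term in terms:
        if term.lstrip("+-~?") == "all":
            return {"-": "fail", "~": "softfail", "?": "neutral"}.get(term[0], "pass")
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"  # policy lives in another record, not gradable offline
    return "neutral"  # no "all" term: unmatched senders get a neutral result

def parse_dmarc(txt_records):
    """Return the DMARC tags as a dict, or None without exactly one valid record."""
    found = [r for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(found) != 1:
        return None
    tags = {}
    for part in found[0].split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    tags["p"] = tags.get("p", "").lower()
    return tags if tags["p"] in ("none", "quarantine", "reject") else None

def assess(spf_txt, dmarc_txt):
    """Grade a domain; the grade names are this example's own labels (assumption)."""
    spf, dmarc = spf_all_qualifier(spf_txt), parse_dmarc(dmarc_txt)
    if spf is None and dmarc is None:
        return "absent"
    if spf == "redirect":
        return "unknown"
    enforcing = dmarc is not None and dmarc["p"] in ("quarantine", "reject")
    full = enforcing and dmarc.get("pct", "100") == "100"
    return "enforced" if full and spf in ("fail", "softfail") else "limited"

# Constructed sample records for hypothetical domains
SAMPLES = {
    "strict.example": (["v=spf1 ip4:192.0.2.0/24 -all"], ["v=DMARC1; p=reject; rua=mailto:d@strict.example"]),
    "monitor.example": (["v=spf1 include:_spf.example.net ~all"], ["v=DMARC1; p=none"]),
    "partial.example": (["v=spf1 mx -all"], ["v=DMARC1; p=quarantine; pct=25"]),
    "open.example": (["v=spf1 +all"], []),
    "bare.example": (["site-verification=constructed"], []),
}

if __name__ == "__main__":
    for domain, (spf_txt, dmarc_txt) in SAMPLES.items():
        print(domain, assess(spf_txt, dmarc_txt))
```

A domain graded "limited" here publishes records but leaves them in a non-enforcing state, such as a DMARC policy of `p=none` or an SPF record ending in `+all`.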

No Details Released

The names of the domains that failed to pass the test conducted by the Swedish web security firm were not released but what we do know is that all 276 of them feature on the Alexa Top 500 Sites on the Web list. If you take a look at the names on this list, you will see that they are all very well known. Some are more popular in specific countries, such as Russia or China, whereas others are global giants whose names will be familiar to everybody who uses the Internet on a regular basis.

Taking Defensive Action

If leading domains are not doing enough to prevent spoof emails, your company needs to take action to make sure that it is not vulnerable to attack. Corporate anti-spam software can be purchased and installed for relatively little, making it a must-have for any organisation that takes its network security seriously. The team here at MailCleaner are of course always happy to provide callers with all the information they need to choose the most effective online spam filtering products for their needs.