How to stop hackers from sending emails as you or your domain
1. Email spoofing:
Why you need to be concerned
What you can do to drastically reduce it
2. Email Spoofing
Is the creation of emails with a
forged sender address – typically
yours!
3. Email spoofing
SPAM and phishing
emails frequently use
“spoofed” email to
spread viruses and
steal personal
information.
4. Is your email is being spoofed?
You’ll see many returned emails
(bounced) in your inbox (or
SPAM/Junk folder) that you never
sent
5. Is your email being spoofed?
You get emails sent to yourself – that you never sent!
6. So what?
Every time an email is sent
with your domain being
spoofed – it’s another win for
the hackers!
7. What steps can you take to do your part?
• Education is vital. Share this education with others: friends, family, co-workers,
business associates, Facebook, LinkedIn, etc.
8. What steps can you take to do your part?
Beyond education, set-up as many
automated functions as possible to
pre-filter emails before you see them.
9. What steps can you take to do your part?
Sender Policy Framework
(SPF) should be carefully
configured for all your
email domains. It doesn’t
require an advanced
college degree – but it
helps to know the little
“tricks of the trade”.
10. Prevention
Reportedly, about 60% of email
domains already have SPF setup.
However, our research shows only
about half of them are configured
properly.
11. Configuring SPF
SPF allows you to
specify which
hosts are allowed,
or pre-approved to
send email on
behalf of one of
your domains
12. Improperly configured
It probably has a setting like:
v=spf1 +a +mx +ip4:(your IP address) ?all
v=spf1: Identifies this as an SPF record SPF
version 1
a Authorizes the host(s) listed in the
domain’s A record to send email
mx The MX records are tested in order
of MX priority
ip4: The IP address of your mail server.
Additional ones are spaced
?all The SPF record specifies explicitly
that nothing can be said about
validity
13. What it should be
v=spf1 +a +mx +ip4:(IP address of email server) ~all
Changing the ?all to ~all is the one little change that makes a huge
difference.
The difference between the ~ and ? is that the ~ denotes that the list is
all inclusive and no other servers are authorized to send email
For email servers that check SPF records this will dramatically reduce
the amount of bounce-backs, spoofing and forged emails sent using
your domain
14. 1. You need to take every step possible to prevent SPAM
2. Take some simple steps and realize how much better email is
3. Share this with friends – the more people who participate the more
effective this becomes
15. If you have questions, connect with us on Twitter and
ask us – we’ll help you as much as possible
@wewatch #stopspam