SlideShare a Scribd company logo

Sender Policy Framework​

Download as PPTX, PDF
S
ScottMcKeown10

The document explains Sender Policy Framework (SPF), an email authentication method designed to protect inboxes from spam. It outlines the history, functioning, and structure of SPF records, including the specification of mechanisms and rules for domain authentication. Additionally, the text provides examples of SPF records and references for further reading.

Internet
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Sender Policy Framework Help Protect Your Inbox From Basic SPAM Wordup Pompey 20th February 2019 Scott McKeown
What is SPF? • An eMail authentication method • An open standard • Simple to enable
Short History Of SPF • 2000 First mention of an SPF idea • 2002 SPF-like specification published • 2003 RMX & DMP specifications merged • 2004 Renamed to ‘Sender Policy Framework’ from ‘Sender Permitted From’ and MARID task group formed • 2005 MARID group collapsed and revert to ‘classic’ SPF idea • 2006 Experimental RFC published for SPF • 2014 RFC-7208 published
How does SPF Work? Write an eMail eMail Server SPF Record Check SPF Fail eMail Server SPF Pass
Where does it go? DNS Zone file as a Text (TXT) Entry.
SPF Record Make Up • Three Sections • Domain or Subdomain • SPF Version • The Mechanisms (Rules)
The Domain or Subdomain SPF Sections
SPF Version SPF Sections
The Mechanisms (Rules) • Prefix • + Pass • - Fail • ~ Softfail • ? Neutral • Can be applied to ANY of the SPF Mechanisms (Rules)
The Mechanisms (Rules) • all • ip4 • ip6 • a • mx • ptr • exists • include
Examples Allow domain's MXes to send mail for the domain, prohibit all others v=spf1 mx –all Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF v=spf1 ip6:1080::8:800:200C:417A/96 –all The current-domain is used v=spf1 a –all Use External Mail Server v=spf1 mx mx:deferrals.domain.com –all Include Other Domains SPF Rules v=spf1 include:example.com -all
Lets Write Our Domain Rules
Sender Policy Framework​
Example Of Blocked eMail Feb 20 11:58:04 ms1 postfix/policy-spf[3987]: Policy action=550 Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk Feb 20 11:58:04 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[5.2.18.104]: 550 5.7.1 <yoqiihld@redithosting.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk; from=<> to=<yoqiihld@redithosting.co.uk> proto=ESMTP helo=<redithosting.co.uk> Feb 20 12:26:08 ms1 postfix/policy-spf[6230]: Policy action=550 Please see http://www.openspf.net/Why?s=mfrom;id=users@email.address;ip=95.105.89.221; r=ms1.redit.co.uk Feb 20 12:26:08 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[95.105.89.221]: 550 5.7.1 <support@redit.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=mfrom;id= users@email.address;ip=127.0.0.1;r=ms1.redit.co.uk; from=<AndrewMorgan@ufanet.ru> to=<support@redit.co.uk> proto=ESMTP helo=<127.0.0.1.public.ip.address>
References • https://en.wikipedia.org/wiki/Sender_Policy_Framework • http://www.openspf.org/ • https://www.gov.uk/government/publications/email-security- standards/sender-policy-framework-spf • https://tools.ietf.org/html/rfc7208
Sender Policy Framework​

More Related Content

PDF
The Art of VoIP Hacking - Defcon 23 Workshop
Fatih Ozavci
 
PDF
Palo Alto Networks y la tecnología de Next Generation Firewall
Mundo Contact
 
PPTX
Packet sniffing
Shyama Bhuvanendran
 
PPTX
Packet Sniffer
vilss
 
PPTX
Firewall
Saurabh Chauhan
 
PPTX
Firewall
trilokchandra prakash
 
PPTX
NMAP
PrateekAryan1
 
PPTX
Information security
Jin Castor
 
The Art of VoIP Hacking - Defcon 23 Workshop
Fatih Ozavci
 
Palo Alto Networks y la tecnología de Next Generation Firewall
Mundo Contact
 
Packet sniffing
Shyama Bhuvanendran
 
Packet Sniffer
vilss
 
Firewall
Saurabh Chauhan
 
Firewall
trilokchandra prakash
 
NMAP
PrateekAryan1
 
Information security
Jin Castor
 

What's hot (20)

PDF
Arp protokolu ve guvenlik zafiyeti
BGA Cyber Security
 
PDF
Access Control Presentation
Wajahat Rajab
 
PPTX
Introduction of firewall slides
rahul kundu
 
PPTX
RSA algorithm
Arpana shree
 
PDF
Information Security Awareness Deck and Training
jimmygo8
 
PPTX
Anomalies Detection: Windows OS - Part 1
Rhydham Joshi
 
PDF
16 palo alto ssl decryption policy concept
Mostafa El Lathy
 
PPT
SS7 & SIGTRAN
Stephanie Galloway-Williams
 
PPT
Snort
Rahul Jain
 
PDF
ARM CoAP Tutorial
zdshelby
 
PPTX
Lecture 22 What inside the Router.pptx
HanzlaNaveed1
 
PPTX
Golden Ticket Attack - AD - Domain Persistence
Mohammed Adam
 
PPTX
Firewall
Devashree Kumari
 
PPTX
Server hardening
Teja Babu
 
PDF
Footprinting
Duah John
 
PPTX
Zen map
harisnaved
 
PPTX
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
PPTX
Firewall presentation
gaurav96raj
 
PPTX
Firewall and Types of firewall
Coder Tech
 
PDF
Siber Saldırı Aracı Olarak DDoS
BGA Cyber Security
 
Arp protokolu ve guvenlik zafiyeti
BGA Cyber Security
 
Access Control Presentation
Wajahat Rajab
 
Introduction of firewall slides
rahul kundu
 
RSA algorithm
Arpana shree
 
Information Security Awareness Deck and Training
jimmygo8
 
Anomalies Detection: Windows OS - Part 1
Rhydham Joshi
 
16 palo alto ssl decryption policy concept
Mostafa El Lathy
 
SS7 & SIGTRAN
Stephanie Galloway-Williams
 
Snort
Rahul Jain
 
ARM CoAP Tutorial
zdshelby
 
Lecture 22 What inside the Router.pptx
HanzlaNaveed1
 
Golden Ticket Attack - AD - Domain Persistence
Mohammed Adam
 
Firewall
Devashree Kumari
 
Server hardening
Teja Babu
 
Footprinting
Duah John
 
Zen map
harisnaved
 
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Firewall presentation
gaurav96raj
 
Firewall and Types of firewall
Coder Tech
 
Siber Saldırı Aracı Olarak DDoS
BGA Cyber Security
 
Ad

Similar to Sender Policy Framework​ (20)

PDF
Actual Fortinet FCP_FML_AD-7.4 FortiMail Administrator Certification Practice...
NWEXAM
 
PPTX
Secure360 - Attack All the Layers! Again!
Scott Sutherland
 
PPT
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
 
PPTX
Fighting Email Abuse with DMARC
Kurt Andersen
 
PPT
Chapter 6 overview
ali raza
 
PDF
A1-2-Keynote/ 1. Email Authentication Standards
JPAAWG (Japan Anti-Abuse Working Group)
 
PPTX
CoLabora - Exchange Online Protection - June 2015
CoLaboraDK
 
PDF
Isa2004 Configuration Guide
guest60864fc
 
PPTX
Jabber design and configuration
solarisyougood
 
PDF
Chapter 6-Securing the Local Area Network.pdf
OhmRon
 
PPSX
Exam 70 412-confgure network services(4knet.ir)
Azad Kaki
 
PDF
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Scott Sutherland
 
PDF
Attack All the Layers - What's Working in Penetration Testing
NetSPI
 
PDF
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
PDF
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
PPT
Btech admission in india
Edhole.com
 
PPT
Btech admission in india
Edhole.com
 
PDF
BRKSEC-2494.pdf
JacksonGonzalez14
 
PDF
Fighting Abuse with DNS
Men and Mice
 
PPTX
Slide Deck – Session 9 – FRSecure CISSP
FRSecure
 
Actual Fortinet FCP_FML_AD-7.4 FortiMail Administrator Certification Practice...
NWEXAM
 
Secure360 - Attack All the Layers! Again!
Scott Sutherland
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
 
Fighting Email Abuse with DMARC
Kurt Andersen
 
Chapter 6 overview
ali raza
 
A1-2-Keynote/ 1. Email Authentication Standards
JPAAWG (Japan Anti-Abuse Working Group)
 
CoLabora - Exchange Online Protection - June 2015
CoLaboraDK
 
Isa2004 Configuration Guide
guest60864fc
 
Jabber design and configuration
solarisyougood
 
Chapter 6-Securing the Local Area Network.pdf
OhmRon
 
Exam 70 412-confgure network services(4knet.ir)
Azad Kaki
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Scott Sutherland
 
Attack All the Layers - What's Working in Penetration Testing
NetSPI
 
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
Btech admission in india
Edhole.com
 
Btech admission in india
Edhole.com
 
BRKSEC-2494.pdf
JacksonGonzalez14
 
Fighting Abuse with DNS
Men and Mice
 
Slide Deck – Session 9 – FRSecure CISSP
FRSecure
 
Ad

Recently uploaded (20)

PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
DOC
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
 
PPTX
Database Information System - Management Information System
faizhossain3
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PDF
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
PPT
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
E -tech empowerment technologies PowerPoint
kylebalatero12
 
Database Information System - Management Information System
faizhossain3
 
Internet___Basics___Styled_ presentation
poonam62133
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
artificial intelligence overview of it and more
yafotin445
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 

Sender Policy Framework​

  • 1. Sender Policy Framework Help Protect Your Inbox From Basic SPAM Wordup Pompey 20th February 2019 Scott McKeown
  • 2. What is SPF? • An eMail authentication method • An open standard • Simple to enable
  • 3. Short History Of SPF • 2000 First mention of an SPF idea • 2002 SPF-like specification published • 2003 RMX & DMP specifications merged • 2004 Renamed to ‘Sender Policy Framework’ from ‘Sender Permitted From’ and MARID task group formed • 2005 MARID group collapsed and revert to ‘classic’ SPF idea • 2006 Experimental RFC published for SPF • 2014 RFC-7208 published
  • 4. How does SPF Work? Write an eMail eMail Server SPF Record Check SPF Fail eMail Server SPF Pass
  • 5. Where does it go? DNS Zone file as a Text (TXT) Entry.
  • 6. SPF Record Make Up • Three Sections • Domain or Subdomain • SPF Version • The Mechanisms (Rules)
  • 7. The Domain or Subdomain SPF Sections
  • 9. The Mechanisms (Rules) • Prefix • + Pass • - Fail • ~ Softfail • ? Neutral • Can be applied to ANY of the SPF Mechanisms (Rules)
  • 10. The Mechanisms (Rules) • all • ip4 • ip6 • a • mx • ptr • exists • include
  • 11. Examples Allow domain's MXes to send mail for the domain, prohibit all others v=spf1 mx –all Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF v=spf1 ip6:1080::8:800:200C:417A/96 –all The current-domain is used v=spf1 a –all Use External Mail Server v=spf1 mx mx:deferrals.domain.com –all Include Other Domains SPF Rules v=spf1 include:example.com -all
  • 12. Lets Write Our Domain Rules
  • 14. Example Of Blocked eMail Feb 20 11:58:04 ms1 postfix/policy-spf[3987]: Policy action=550 Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk Feb 20 11:58:04 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[5.2.18.104]: 550 5.7.1 <yoqiihld@redithosting.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk; from=<> to=<yoqiihld@redithosting.co.uk> proto=ESMTP helo=<redithosting.co.uk> Feb 20 12:26:08 ms1 postfix/policy-spf[6230]: Policy action=550 Please see http://www.openspf.net/Why?s=mfrom;id=users@email.address;ip=95.105.89.221; r=ms1.redit.co.uk Feb 20 12:26:08 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[95.105.89.221]: 550 5.7.1 <support@redit.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=mfrom;id= users@email.address;ip=127.0.0.1;r=ms1.redit.co.uk; from=<AndrewMorgan@ufanet.ru> to=<support@redit.co.uk> proto=ESMTP helo=<127.0.0.1.public.ip.address>
  • 15. References • https://en.wikipedia.org/wiki/Sender_Policy_Framework • http://www.openspf.org/ • https://www.gov.uk/government/publications/email-security- standards/sender-policy-framework-spf • https://tools.ietf.org/html/rfc7208