SlideShare une entreprise Scribd logo

Sender Policy Framework​

Télécharger en tant que PPTX, PDF
S
ScottMcKeown10

A lightning talk given to WordPress Portsmouth about the use and implementation of the Sender Policy Framework

Internet
1  sur  16
Sender Policy Framework Help Protect Your Inbox From Basic SPAM Wordup Pompey 20th February 2019 Scott McKeown
What is SPF? • An eMail authentication method • An open standard • Simple to enable
Short History Of SPF • 2000 First mention of an SPF idea • 2002 SPF-like specification published • 2003 RMX & DMP specifications merged • 2004 Renamed to ‘Sender Policy Framework’ from ‘Sender Permitted From’ and MARID task group formed • 2005 MARID group collapsed and revert to ‘classic’ SPF idea • 2006 Experimental RFC published for SPF • 2014 RFC-7208 published
How does SPF Work? Write an eMail eMail Server SPF Record Check SPF Fail eMail Server SPF Pass
Where does it go? DNS Zone file as a Text (TXT) Entry.
SPF Record Make Up • Three Sections • Domain or Subdomain • SPF Version • The Mechanisms (Rules)
The Domain or Subdomain SPF Sections
SPF Version SPF Sections
The Mechanisms (Rules) • Prefix • + Pass • - Fail • ~ Softfail • ? Neutral • Can be applied to ANY of the SPF Mechanisms (Rules)
The Mechanisms (Rules) • all • ip4 • ip6 • a • mx • ptr • exists • include
Examples Allow domain's MXes to send mail for the domain, prohibit all others v=spf1 mx –all Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF v=spf1 ip6:1080::8:800:200C:417A/96 –all The current-domain is used v=spf1 a –all Use External Mail Server v=spf1 mx mx:deferrals.domain.com –all Include Other Domains SPF Rules v=spf1 include:example.com -all
Lets Write Our Domain Rules
Example Of Blocked eMail Feb 20 11:58:04 ms1 postfix/policy-spf[3987]: Policy action=550 Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk Feb 20 11:58:04 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[5.2.18.104]: 550 5.7.1 <yoqiihld@redithosting.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk; from=<> to=<yoqiihld@redithosting.co.uk> proto=ESMTP helo=<redithosting.co.uk> Feb 20 12:26:08 ms1 postfix/policy-spf[6230]: Policy action=550 Please see http://www.openspf.net/Why?s=mfrom;id=users@email.address;ip=95.105.89.221; r=ms1.redit.co.uk Feb 20 12:26:08 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[95.105.89.221]: 550 5.7.1 <support@redit.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=mfrom;id= users@email.address;ip=127.0.0.1;r=ms1.redit.co.uk; from=<AndrewMorgan@ufanet.ru> to=<support@redit.co.uk> proto=ESMTP helo=<127.0.0.1.public.ip.address>
References • https://en.wikipedia.org/wiki/Sender_Policy_Framework • http://www.openspf.org/ • https://www.gov.uk/government/publications/email-security- standards/sender-policy-framework-spf • https://tools.ietf.org/html/rfc7208
Sender Policy Framework​

Recommandé

Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
Men and Mice
 
Acik Anahtarli Kripto Sistemler
Acik Anahtarli Kripto SistemlerAcik Anahtarli Kripto Sistemler
Acik Anahtarli Kripto Sistemler
Mustafa GOCMEN
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
Michael Earls
 
DNS Security
DNS SecurityDNS Security
DNS Security
johnmcclure00
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
Devang Badrakiya
 
Hash function
Hash functionHash function
Hash function
Harry Potter
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
Himanshu Prabhakar
 
DNSSEC Validation Tutorial
DNSSEC Validation TutorialDNSSEC Validation Tutorial
DNSSEC Validation Tutorial
APNIC
 

Recommandé

Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
Men and Mice
 
Acik Anahtarli Kripto Sistemler
Acik Anahtarli Kripto SistemlerAcik Anahtarli Kripto Sistemler
Acik Anahtarli Kripto Sistemler
Mustafa GOCMEN
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
Michael Earls
 
DNS Security
DNS SecurityDNS Security
DNS Security
johnmcclure00
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
Devang Badrakiya
 
Hash function
Hash functionHash function
Hash function
Harry Potter
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
Himanshu Prabhakar
 
DNSSEC Validation Tutorial
DNSSEC Validation TutorialDNSSEC Validation Tutorial
DNSSEC Validation Tutorial
APNIC
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
n|u - The Open Security Community
 
SPF, DKIM en DMARC
SPF, DKIM en DMARCSPF, DKIM en DMARC
SPF, DKIM en DMARC
Jeffrey Cafferata
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logic
Alberto Rivai
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
Jimmy Saigon
 
Capítulo 7: Firma digital
Capítulo 7: Firma digitalCapítulo 7: Firma digital
Capítulo 7: Firma digital
Juan Manuel García
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
Tushar Anand
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSEC
APNIC
 
Communication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/SubscribeCommunication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/Subscribe
Sumant Tambe
 
4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell
3G4G
 
Course 102: Lecture 17: Process Monitoring
Course 102: Lecture 17: Process Monitoring Course 102: Lecture 17: Process Monitoring
Course 102: Lecture 17: Process Monitoring
Ahmed El-Arabawy
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authentication
Alberto Rivai
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
BharathiKrishna6
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
Julian Ernesto Martinez Oliva
 
L2 tp
L2 tpL2 tp
L2 tp
Ramya Chowdary
 
NTLM
NTLMNTLM
NTLM
Guang Ying Yuan
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained.
Ajay Gupta
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signatures
Mazin Alwaaly
 
16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy concept16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy concept
Mostafa El Lathy
 
15 Setup BIND 9
15 Setup BIND 915 Setup BIND 9
15 Setup BIND 9
Hameda Hurmat
 
Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
Scott Sutherland
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
 

Contenu connexe

Tendances

F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
Jimmy Saigon
 
Communication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/SubscribeCommunication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/Subscribe
Sumant Tambe
 

Tendances (20)

Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
SPF, DKIM en DMARC
SPF, DKIM en DMARCSPF, DKIM en DMARC
SPF, DKIM en DMARC
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logic
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Capítulo 7: Firma digital
Capítulo 7: Firma digitalCapítulo 7: Firma digital
Capítulo 7: Firma digital
 
Wireless security using wpa2
Wireless security using wpa2Wireless security using wpa2
Wireless security using wpa2
 
DNS & DNSSEC
DNS & DNSSECDNS & DNSSEC
DNS & DNSSEC
 
Communication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/SubscribeCommunication Patterns Using Data-Centric Publish/Subscribe
Communication Patterns Using Data-Centric Publish/Subscribe
 
4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell
 
Course 102: Lecture 17: Process Monitoring
Course 102: Lecture 17: Process Monitoring Course 102: Lecture 17: Process Monitoring
Course 102: Lecture 17: Process Monitoring
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authentication
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
 
L2 tp
L2 tpL2 tp
L2 tp
 
NTLM
NTLMNTLM
NTLM
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained.
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
 
Information and data security digital signatures
Information and data security digital signaturesInformation and data security digital signatures
Information and data security digital signatures
 
16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy concept16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy concept
 
15 Setup BIND 9
15 Setup BIND 915 Setup BIND 9
15 Setup BIND 9
 

Similaire à Sender Policy Framework​

Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
Scott Sutherland
 
Chapter 6 overview
Chapter 6 overviewChapter 6 overview
Chapter 6 overview
ali raza
 
Isa2004 Configuration Guide
Isa2004 Configuration GuideIsa2004 Configuration Guide
Isa2004 Configuration Guide
guest60864fc
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
NetSPI
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
Btech admission in india
Btech admission in indiaBtech admission in india
Btech admission in india
Edhole.com
 

Similaire à Sender Policy Framework​ (20)

Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!Secure360 - Attack All the Layers! Again!
Secure360 - Attack All the Layers! Again!
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
 
Fighting Email Abuse with DMARC
Fighting Email Abuse with DMARCFighting Email Abuse with DMARC
Fighting Email Abuse with DMARC
 
Chapter 6 overview
Chapter 6 overviewChapter 6 overview
Chapter 6 overview
 
A1-2-Keynote/ 1. Email Authentication Standards
A1-2-Keynote/ 1. Email Authentication Standards A1-2-Keynote/ 1. Email Authentication Standards
A1-2-Keynote/ 1. Email Authentication Standards
 
CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015 CoLabora - Exchange Online Protection - June 2015
CoLabora - Exchange Online Protection - June 2015
 
Isa2004 Configuration Guide
Isa2004 Configuration GuideIsa2004 Configuration Guide
Isa2004 Configuration Guide
 
Jabber design and configuration
Jabber design and configurationJabber design and configuration
Jabber design and configuration
 
Exam 70 412-confgure network services(4knet.ir)
Exam 70 412-confgure network services(4knet.ir)Exam 70 412-confgure network services(4knet.ir)
Exam 70 412-confgure network services(4knet.ir)
 
Attack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration TestingAttack All the Layers - What's Working in Penetration Testing
Attack All the Layers - What's Working in Penetration Testing
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)Attack All the Layers: What's Working during Pentests (OWASP NYC)
Attack All the Layers: What's Working during Pentests (OWASP NYC)
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
Btech admission in india
Btech admission in indiaBtech admission in india
Btech admission in india
 
Btech admission in india
Btech admission in indiaBtech admission in india
Btech admission in india
 
BRKSEC-2494.pdf
BRKSEC-2494.pdfBRKSEC-2494.pdf
BRKSEC-2494.pdf
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
 
2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7
 
CoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenariosCoAP Course for m2m and Internet of Things scenarios
CoAP Course for m2m and Internet of Things scenarios
 
Docker interview Questions-3.pdf
Docker interview Questions-3.pdfDocker interview Questions-3.pdf
Docker interview Questions-3.pdf
 

Dernier

Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Priya Reddy
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 

Dernier (20)

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 

Sender Policy Framework​

  • 1. Sender Policy Framework Help Protect Your Inbox From Basic SPAM Wordup Pompey 20th February 2019 Scott McKeown
  • 2. What is SPF? • An eMail authentication method • An open standard • Simple to enable
  • 3. Short History Of SPF • 2000 First mention of an SPF idea • 2002 SPF-like specification published • 2003 RMX & DMP specifications merged • 2004 Renamed to ‘Sender Policy Framework’ from ‘Sender Permitted From’ and MARID task group formed • 2005 MARID group collapsed and revert to ‘classic’ SPF idea • 2006 Experimental RFC published for SPF • 2014 RFC-7208 published
  • 4. How does SPF Work? Write an eMail eMail Server SPF Record Check SPF Fail eMail Server SPF Pass
  • 5. Where does it go? DNS Zone file as a Text (TXT) Entry.
  • 6. SPF Record Make Up • Three Sections • Domain or Subdomain • SPF Version • The Mechanisms (Rules)
  • 7. The Domain or Subdomain SPF Sections
  • 9. The Mechanisms (Rules) • Prefix • + Pass • - Fail • ~ Softfail • ? Neutral • Can be applied to ANY of the SPF Mechanisms (Rules)
  • 10. The Mechanisms (Rules) • all • ip4 • ip6 • a • mx • ptr • exists • include
  • 11. Examples Allow domain's MXes to send mail for the domain, prohibit all others v=spf1 mx –all Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF v=spf1 ip6:1080::8:800:200C:417A/96 –all The current-domain is used v=spf1 a –all Use External Mail Server v=spf1 mx mx:deferrals.domain.com –all Include Other Domains SPF Rules v=spf1 include:example.com -all
  • 12. Lets Write Our Domain Rules
  • 13.
  • 14. Example Of Blocked eMail Feb 20 11:58:04 ms1 postfix/policy-spf[3987]: Policy action=550 Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk Feb 20 11:58:04 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[5.2.18.104]: 550 5.7.1 <yoqiihld@redithosting.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=helo;id=redithosting.co.uk;ip=5.2.18.104;r=ms1 .redit.co.uk; from=<> to=<yoqiihld@redithosting.co.uk> proto=ESMTP helo=<redithosting.co.uk> Feb 20 12:26:08 ms1 postfix/policy-spf[6230]: Policy action=550 Please see http://www.openspf.net/Why?s=mfrom;id=users@email.address;ip=95.105.89.221; r=ms1.redit.co.uk Feb 20 12:26:08 ms1 postfix/smtpd[2236]: NOQUEUE: reject: RCPT from unknown[95.105.89.221]: 550 5.7.1 <support@redit.co.uk>: Recipient address rejected: Please see http://www.openspf.net/Why?s=mfrom;id= users@email.address;ip=127.0.0.1;r=ms1.redit.co.uk; from=<AndrewMorgan@ufanet.ru> to=<support@redit.co.uk> proto=ESMTP helo=<127.0.0.1.public.ip.address>
  • 15. References • https://en.wikipedia.org/wiki/Sender_Policy_Framework • http://www.openspf.org/ • https://www.gov.uk/government/publications/email-security- standards/sender-policy-framework-spf • https://tools.ietf.org/html/rfc7208