Difference between revisions of "SPF"
| (3 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
== Level 1 == | == Level 1 == | ||
| Line 11: | Line 9: | ||
== Level 2 == | == Level 2 == | ||
| + | A common form of spam is where the sender appears to be the same person as the recipient. An efficient method of blocking this type of spam is by using the SPF filter. | ||
| + | |||
| + | SPF stands for Sender Policy Framework, it is an anti-spoofing measure. SPF looks at the domain found in the 'mail from:' part of the mime file, then checks that domain's SPF records to make sure that the domain that the email is reporting matches the mail servers that send that domain. For more information visit http://www.openspf.net/. | ||
| + | |||
| + | Make sure an SPF record is set for your domain on your DNS, otherwise you could see false positives on your own email for SPF. Most false positives on the SPF event are from companies not having their SPF record set up properly. | ||
== Hands On == | == Hands On == | ||
| + | |||
| + | 1) Log into the GWAVA Management Web Page and go to Scanner/Policy Mangement | policy | scanning configuration | SPF | ||
| + | |||
| + | 2) Make sure 'Enable SPF test', 'Enable message header scan' and 'Block the message' is checked. | ||
| + | |||
| + | 3) Make sure 'Enable connection drop' is unchecked. | ||
| + | |||
| + | 4) Send a test message via telnet and set the from address as being from chase.com | ||
| + | |||
| + | 5) After the message has been sent, check the GWAVA/support log (/opt/beginfinite/gwava/services/logs/gwava/support) to ensure the SPF event fired. | ||
Latest revision as of 20:08, 12 March 2014
[edit] Level 1
Sender Policy Framework can be used with the GWIA and SMTP interfaces. Sender Policy Framework, (SPF) attempts to verify the sender of each email message, which can eliminate spoofed email and most backscatter attacks. For SPF to work correctly, the sending domain must have an updated SPF record set up in DNS. If the sending domain does not have a SPF record set in their DNS, then their mail will not be blocked. Setting up a correct SPF record will block messages from spammers who are pretending to be you, to your system.
To use SPF on a GWIA interface, you must correctly specify which line in the header of mail messages is to be used. If the mail system is using a relay or proxy which adds a line to the message, then you should set SPF to use the second line (2), otherwise, the line used should be set to one (1), which is the default.
SPF can be configured to perform connection blocks in conjunction with the SMTP interface, which drops the receiving connection of a message before the message transfer is complete, if the sending server fails to be verified by SPF. This saves bandwidth as well as denying the messages from spammers.
[edit] Level 2
A common form of spam is where the sender appears to be the same person as the recipient. An efficient method of blocking this type of spam is by using the SPF filter.
SPF stands for Sender Policy Framework, it is an anti-spoofing measure. SPF looks at the domain found in the 'mail from:' part of the mime file, then checks that domain's SPF records to make sure that the domain that the email is reporting matches the mail servers that send that domain. For more information visit http://www.openspf.net/.
Make sure an SPF record is set for your domain on your DNS, otherwise you could see false positives on your own email for SPF. Most false positives on the SPF event are from companies not having their SPF record set up properly.
[edit] Hands On
1) Log into the GWAVA Management Web Page and go to Scanner/Policy Mangement | policy | scanning configuration | SPF
2) Make sure 'Enable SPF test', 'Enable message header scan' and 'Block the message' is checked.
3) Make sure 'Enable connection drop' is unchecked.
4) Send a test message via telnet and set the from address as being from chase.com
5) After the message has been sent, check the GWAVA/support log (/opt/beginfinite/gwava/services/logs/gwava/support) to ensure the SPF event fired.
