Ask The Security Expert: Questions & Answers

Can an IP spoofing tool be used to spam SPF servers?

EXPERT RESPONSE FROM: Michael Cobb, featured expert

QUESTION POSED ON: 19 June 2009
How feasible and easy is it to use an IP spoofing tool to spam a server that uses SPF, as SPF does IP-level spam filtering? What defenses should be taken?



Sender Policy Framework (SPF) was designed to stop email spoofing or sender address forgery, not IP (Internet Protocol) spoofing.

IP spoofing forges, or "spoofs," the source address in the header of an IP packet to make it appear to have originated from another machine -- the source address being the address from which a packet was sent. In order for spammers to use this technique, they would have to spoof the entire TCP sequence, which is highly unlikely and hasn't been seen in the wild.

If somebody could come up with such an attack, then yes, he or she would be able to pass through an SPF check, as long as the spoofed IP address matched that of a machine genuinely allowed to send mail for that domain and email address. Email spoofing, on the other hand, is extremely common, and SPF plays a role in preventing this source of spam. Email spoofing occurs when spammers alter the email header so the message appears to have originated from someone or somewhere else.

SPF provides a method whereby a mail server or mail transfer agent (MTA), when it receives an email, can confirm the sending server is authorized to send mail on behalf of that address. Domains publish Mail Exchange (MX) records in the Domain Name System (DNS), specifying which machines receive mail for the domain. SPF is basically a reverse MX record, specifying which machines are authorized to send mail from the domain. Published SPF records include attributes that uniquely describe an organization's email, including authorized senders and mail server IP addresses. Additional information on SPF can be found at Open SPF, which includes a comprehensive FAQ that reviews how to block large amounts of spam even before SPF checks occur.

To help reduce unwanted email, you should follow best practices, performing all spam-filtering tests and rejecting unwanted incoming emails while the sending server is still connected. If your server accepts an email and then decides it's spam, any reply to the sender's address indicating the message failed is likely to be to a valid but forged address. This is known as email backscatter and is a problem in itself.

SPF checks require DNS queries, which are somewhat computationally expensive. If you can't reject email at the SMTP connection, you should reduce the amount of backscatter by sending emails using schemes such as Bounce Address Tag Validation, a mechanism for assessing the validity of an email's envelope return or bounce address.
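A sketch of bounce address tagging, added here as an example and not taken from the original answer: outgoing envelope senders get a keyed, expiring tag, and a bounce is accepted only if its recipient address carries a valid one. The tag layout is modelled on the `prvs` format of the BATV Internet-Draft; the secret, key number, lifetime and addresses are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: secret known only to the site's MTAs
KEY_ID = "0"                       # assumption: single key, number 0
LIFETIME_DAYS = 7                  # assumption: tags stay valid for a week

def _tag(day, address):
    """First six hex digits of HMAC-SHA1 over key number, day and address."""
    msg = f"{KEY_ID}{day:03d}{address}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]

def sign_bounce_address(address, today):
    """Rewrite an outgoing envelope sender; today is days since the epoch."""
    local, domain = address.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_ID}{expiry:03d}{_tag(expiry, address)}={local}@{domain}"

def validate_bounce_recipient(rcpt, today):
    """Return the original address for a valid, unexpired tag, else None."""
    local, _, domain = rcpt.rpartition("@")
    parts = local.split("=", 2)
    if len(parts) != 3 or parts[0] != "prvs" or len(parts[1]) != 10:
        return None                # untagged: not a reply to mail we sent
    key_id, day, sig = parts[1][0], parts[1][1:4], parts[1][4:]
    if key_id != KEY_ID or not day.isdigit():
        return None
    original = f"{parts[2]}@{domain}"
    expected = _tag(int(day), original)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                # tag forged or address altered
    if (int(day) - today) % 1000 > LIFETIME_DAYS:
        return None                # tag has expired
    return original

if __name__ == "__main__":
    today = 20000                  # constructed day number
    signed = sign_bounce_address("alice@example.com", today)
    print(signed, validate_bounce_recipient(signed, today))
```
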

If email authentication becomes universal, then spammers will have a much tougher time getting their emails delivered. If you're interested in learning more about the various emerging methods of authenticating email, check out the Messaging Anti-Abuse Working Group white paper, Trust in Email Begins with Authentication, which was published last year.




SearchSecurity.com
All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy