How to correct a misconfigured spf record to stop sending phishing or spam emails from our domain by attacker?

huangapple go评论56阅读模式
英文:

How to correct a misconfigured spf record to stop sending phishing or spam emails from our domain by attacker?

问题

这封电子邮件最近提到了我们的电子邮件存在漏洞问题,因为SPF记录配置不正确。请查看下面的实际电子邮件。

这真的是一个问题吗?如何解决这个问题?

请帮助一下。
谢谢

这份报告是关于一个配置错误的SPF记录标志,它可以被用来滥用组织,冒充身份,从而允许伪造受尊敬组织的邮件。

关于问题:
根据我所看到的,您网站的SPF和TXT记录如下:
v=spf1 mx ~all
正如您可以看到,最后的波浪符(~all)是问题所在,它应该被替换为连字符(-all)符号。

因此,有效的记录将如下所示:
v=spf1 mx -all

问题是什么:
正如您在文章中可以看到,Softmail和fail之间的区别,您应该使用fail,因为Softmail允许任何人从您的域发送伪造邮件。

在当前的SPF记录中,您应该在"all"之前用-代替~,-是严格的,除非您正在发送邮件,否则会阻止所有伪造邮件。

我们已经与我们的托管提供商核实了,他说没有问题需要修复。但是我们对这封电子邮件感到困惑,是的,我们确实从我们自己的域接收电子邮件,而且如果有人通过我们的域向其他人发送这种随机电子邮件,那肯定是一个问题。

所以我想知道我收到的电子邮件是否描述了一个实际的问题?如何解决这个问题?

请帮助。

英文:

I got this email recently that speaks about vulnerability issue with our email because of misconfigured spf record. Please find below the actual email.

Is this really an issue? How to address the issue?

Please help someone.
Thanks

> This report is about a misconfigured spf record flag , which can be used to abuse the organization by posing the identity , which allows for fake mailing on behalf of respected organizations .
>
> About the Issue :
> As i seen the SPF and TXT record for your site which is :
> v=spf1 mx ~all
> as u can see the symbol at last which Tilde (~all) is the issue , which should be replaced by Hyphen (-all) symbol.
>
> So valid record will be look like :
> v=spf1 mx -all
>
> What's the issue :
> As you can see in the article difference between Softmail and fail you should be using fail as Softmail allows anyone to send spoofed emails from your domains.
>
> In the current SPF record you should replace ~ with - at last before all , - is strict which prevents all spoofed emails except if you are sending.

We checked with our hosting and he said there is no issue and nothing to fix. But we are puzzled with this email and yes, we receive emails from our own domain and definitely its an issue, if someone sends such random emails to others through our domain.

So I want to know if the email I received is describing an actual issue? How to address the issue?

Please help.

答案1

得分: 0

你的问题可能在ServerFault.com论坛上会得到更好的回应。

尽管如此,接收邮件服务器将决定如何处理SPF失败,包括'softfail'。值得知道的是,SPF身份验证会在邮件列表和自动转发规则中破坏,~all实际上可能更可取。

然而,SPF不会对你电子邮件客户端中的"FROM"字段中看到的域进行身份验证,因此无论是~all还是-all都不能保护你的域免受欺骗,你应该考虑使用DMARC(以及DKIM以增强转发的生存能力)来保护你的域免受欺骗。

英文:

Your question would be better received at ServerFault.com forum.

That said, receiving servers will determine how they will handle SPF fails, including 'softfail'. Good to know is that SPF authentication will break with mailing lists and auto-forwarding rules and ~all might actually be preferable.

However, SPF does NOT authenticate the domain seen in the FROM field in your email client, so neither ~all nor -all will protect your domain against spoofing and you should look into DMARC (and DKIM for forwarding survivability) for protecting your domain against spoofing.

huangapple
  • 本文由 发表于 2023年4月4日 14:34:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/75926153.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定