Posted by SecExtra on April 16th, 2009
As emailed malware increases, companies should implement Sender Policy Framework (SPF) technology, advises Network Box
With a continued rise in emailed malware and phishing attacks (Phishing Attacks Rise as Recession Bites), companies should implement Sender Policy Framework (SPF) technology to protect against spoofed email addresses, according to new advice from managed security company Network Box.
The SMTP protocol allows any computer to send an email claiming to be from anyone, which makes it easy for spammers to send email from forged addresses. This makes it difficult to trace where the spam truly comes from and easy for spammers to hide their true identity in order to avoid responsibility. It also creates backscatter.
Sender Policy Framework addresses this by allowing the owner of a domain to list the IP addresses permitted to send email from that domain. This is done by publishing a TXT record in the DNS for the protected domain, listing the range of addresses that its mail comes from. So, when a mail server receives an email message claiming to be from a domain, it can look up that domain's SPF record and compare it to the IP address the email actually came from. This can be used to determine whether the email was sent from a trusted source or a forged one.
According to Network Box, just under 10 per cent of companies currently use SPF. Analysis by Network Box through March 2009 found that a significant number of spam emails could be rejected before they get to the scanning stage by using SPF.
Simon Heron, Internet Security Analyst for Network Box says: “Using Sender Policy Framework can really help to determine whether an email is what it says it is. Up to 20 per cent of email forges a domain name, so SPF can be very effective in reducing that figure.”
For more information on Network Box, or SPF technology, visit www.network-box.co.uk