Section 6.7 Email Solutions

The original protocols used to send/receive email were simple and not designed for the challenges we face today. SPAM and phishing emails are unfortunately common and can be addressed with email client add-ons that scan for viruses or use patterns to identify phishing emails. Many of these tools are already built into Google’s Gmail or Microsoft’s Exchange.
Another large challenge is verifying the sender of an email. Currently three common methods exist: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
SPF utilizes TXT records on a DNS domain to verify the IP of a sender. When inbound mail is received, the SPF information for the domain of the sender is retrieved, giving an allowed list of IPs. For example, NJIT’s SPF record currently looks like this:
v=spf1 ip4:128.235.251.0/24 ip4:128.235.209.0/24 ip4:66.207.100.96/27 ip4:66.207.98.32/27 ip4:205.139.104.0/22 ip4:206.79.6.0/24 ip4:209.235.101.208/28 ip4:216.185.73.96/27 ip4:69.196.241.0/28 ip4:69.196.242.128/28 ip4:46.183.242.192/28 ip4:202.38.144.192/28 ip4:69.196.236.208/28 ip4:103.225.232.128/28 ip4:37.216.222.128/28 ip4:64.125.200.96/28 ip4:74.217.49.0/25 ip4:69.25.227.128/25 ip4:52.45.50.190 ip4:198.187.196.100 include:_netblock.njit.edu include:spf.sparkmail.org ~all
It is important to note that not all of these IPs belong to NJIT. Some may belong to groups that send emails on NJIT’s behalf like mass mailers, web applications, etc. When properly configured, SPF prevents an attacker from impersonating emails from a domain.
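The following Python sketch is an added example, not part of the original text. It evaluates the ip4 and all terms of a shortened copy of the record above against a connecting IP. It performs no DNS lookups, so include: domains are reported as unresolved rather than followed; the function name check_spf and the test addresses are illustrative assumptions.

```python
import ipaddress

# Shortened copy of the NJIT record quoted above (a few of its ip4 terms,
# both include terms and the final ~all). The full record can be pasted in.
RECORD = ("v=spf1 ip4:128.235.251.0/24 ip4:66.207.100.96/27 ip4:52.45.50.190 "
          "include:_netblock.njit.edu include:spf.sparkmail.org ~all")

# SPF qualifiers (RFC 7208): the prefix on a term decides the result on a match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate terms left to right; return (result, includes not followed)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", []              # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    unresolved = []
    for term in terms[1:]:
        qualifier = "+"                # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "ip4":
            # A bare address such as ip4:52.45.50.190 is treated as a /32.
            if ip.version == 4 and ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier], unresolved
        elif name == "include":
            # A real receiver fetches this domain's SPF record via DNS here.
            unresolved.append(value)
        elif name == "all":
            return QUALIFIERS[qualifier], unresolved
    return "neutral", unresolved       # no term matched and no "all" present

if __name__ == "__main__":
    for addr in ("128.235.251.25", "203.0.113.7"):   # constructed test senders
        print(addr, check_spf(RECORD, addr))
```

A softfail returned together with a non-empty list of unresolved includes is not final: the address could still be authorized by one of the included domains, which is how third-party senders are typically listed.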
DKIM utilizes public and private key cryptography to ensure that an email originated from a particular SMTP server. Public keys for a domain are advertised through a TXT DNS record for a particular domain. Private keys are used by the SMTP server for that domain to sign the emails being sent. A receiving SMTP server can then verify that the message originated from a valid SMTP server for that domain. Private keys can also be distributed to SMTP servers that send emails on behalf of the domain.
DMARC applies policies to the SPF and DKIM validations. DMARC answers questions like, "What should I do if a message is from a valid SPF IP but doesn’t have a valid DKIM signature?" or "What should I do with a message that looks like SPAM but has a valid DKIM signature?" DMARC puts many of the tools used to verify email together in a layered approach to determine whether to pass, quarantine, or block an email.