In this article, we will take a look at mail phishing.
Phishing e-mails are a kind of spam with more specific targets than a mail carrying only advertising. SMTP itself offers no protection here: it allows anyone to send forged e-mails that land in the recipient's mailbox with a faked sender address. If proper security is not implemented on the mail server, the sender's e-mail address cannot be authenticated. From the body of the message, users are directed to a fake phishing site. Several technologies exist to verify the sender's mailbox, most of them based on a policy published under the sender's domain name, such as SPF (Sender Policy Framework), Yahoo's DomainKeys, Microsoft's Sender ID technology, and so on.
Yahoo's DomainKeys generates a pair of public and private keys. The public key is published in DNS for the receiver's verification step, and the private key is kept on the sender's mail server, which issues a signature for each message. So when an addressee receives a message, it queries the DNS servers for the sender domain's public key and uses it to verify the signature (decrypting the signed value) to ensure that the message really comes from that domain.
Unlike DomainKeys, SPF is IP-based, and is somewhat similar to a DNS reverse lookup. When a message is received, the receiver's end issues a DNS query for the SPF record of the sender's domain. This record lists the IP addresses of the mail servers allowed to send for that domain. Checking the connecting server's IP against this record tells you whether the message came from one of the specified mail server IPs, which confirms the authenticity of the message. Microsoft's Sender ID technology is based on SPF.
However, there are issues with these three technologies regarding promotion and implementation. DomainKeys is complex because it adds an extra process on top of the original standard mail protocol. Signing and verification affect server performance, especially when dealing with huge amounts of mail, and can easily become a bottleneck; configuration and maintenance difficulties make many e-mail service providers reluctant to adopt it.
Compared with DomainKeys, SPF is easier to configure, requiring only one side to unilaterally publish a record in DNS. However, as SPF is tied to specific IP addresses and domain names, it is difficult to cover every domain on the Internet. Major mail carriers differ in their SPF strategy, and those differences leave gaps that forgers can take advantage of. An IP-based policy, once written, is difficult to maintain and modify. This means that the IP of a sender's mail server cannot change much: if an IP changes and the SPF record is not updated in a timely manner, receiving mail servers may wrongly block mail from that IP.
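To make the SPF check described above concrete, here is an added example (not code from the original article) that evaluates a v=spf1 record against the connecting server's IP. DNS is replaced by a constructed in-memory table of TXT records with invented domains and addresses; only the ip4, ip6, include and all mechanisms are handled, and the stale-record case from the paragraph above shows up as a "fail" for an IP the record does not yet list.

```python
import ipaddress

# Constructed stand-in for DNS (domain -> TXT records). A real receiver
# queries DNS for these; every domain and address here is invented.
DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 "
                    "include:mail.example.net -all"],
    "mail.example.net": ["v=spf1 ip4:198.51.100.25 ~all"],
    "loop.example": ["v=spf1 include:loop.example -all"],  # self-include
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the domain's v=spf1 TXT record, or None if it has none."""
    for txt in DNS_TXT.get(domain, []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def check_spf(domain, client_ip, depth=0):
    """Evaluate the domain's SPF record for the IP that delivered the mail.
    Returns pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:  # cap on nested include: lookups, like RFC 7208's limit
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":  # catch-all; usually last, e.g. "-all"
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            # v4 address vs v6 network (or vice versa) is simply no match
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "include":
            sub = check_spf(arg, client_ip, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("permerror", "none"):  # broken include is a permerror
                return "permerror"
        # a, mx, exists and macros need more DNS types; not handled here
    return "neutral"  # record exhausted without a matching "all"
```

A server that moved to an address not yet in the record (for example 203.0.113.7 against example.com) gets "fail", which is exactly the wrongful-blocking problem the paragraph above describes.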
Nevertheless, SPF is currently the main technology used to counter e-mail address forgery, and it will remain so until a better technology comes along.