Online technology changes that could affect you
We have recently really pissed off some folks with our willingness to tell it as it is, and as a result we have seen a serious increase in the amount of spam-related traffic. It could very well be coincidence, but that is highly doubtful given the IP addresses of the offenders. Just the same, we have investigated the traffic and found that the majority are attempts at email forgery, where a spammer tries to send email with our domain as the return address so that it appears to have come from us.
Even though we never forwarded the messages on to the return addresses that had been supplied, which would have discredited us and eventually caused bans against our domains, we decided to implement a bit of a defense against this insolence. We recently implemented something called SPF. For those not familiar with it, SPF stands for “Sender Policy Framework”. SPF is a fairly new method of determining the validity of email being sent. It checks each email and makes sure that the sender has a valid SPF record in DNS; if not, it drops the email and gives the offender a notice describing the violation and what to do if they are trying to send legitimate email.
Installing the packages needed and configuring SPF was a rather simple task, but it has proven to be a bit of a double-edged sword. By using SPF we gain protection against forged emails such as spam, fraud, worms and phishing, but it is still fairly new and not everyone uses it or, as in the case we are going to discuss, they do not use it properly. This poses a bit of an issue: we have found that emails from legitimate services such as Technorati get dropped.
The way the technology works is that two parties are required for messages to be sent successfully. Each party (domain) publishes an SPF record in the DNS zone for its domain. When one of these domains tries to send an email to the other, the receiving domain checks whether the message complies with the sending domain's policy; if it does not, the message is considered a fake. Depending on what has been specified in the SPF record, such messages can be sent anyway, bounced, dropped and so on. Because of what we consider attacks against our server, we have decided to drop all messages that appear to be forged, which leads us to the Technorati issue.
We noticed that email being sent from Technorati is getting dropped. We contacted Technorati right away to inform them of the issue. We did not hear back from them and do not expect that we will until they fix their SPF record. After thinking about it for a bit, we decided to look into it further by checking their SPF record, and what we found is that the record does not include the IP of the server they are sending email from. It does include a range of IP addresses, but the one they are using is not close to being included. We then contacted them one more time to inform them of our new findings and suggested a fix.
It has only been about 24 hours since we contacted them, but we have not seen a fix yet and notice that more messages from them are being dropped. This is a bit unfortunate, but their email is not important enough for us to change our decisions about the implementation of our sender policy. It is a bit disturbing that such a well-known website has a misconfiguration like this, but everyone can make mistakes. We just hope for their sake that it does not go on for too long, especially since they are listed as one of the most frequently used domains that have implemented SPF.
Before I finish up: we highly recommend that if you are not already using SPF, you do so immediately to protect yourself, your domain, your reputation and your users from damages that could very well be irreversible. Just remember that getting yourself blacklisted is the easy part.