Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Whitelisting your own domain increases spam

Network Box : 13 February, 2009  (Technical Article)
Network Box is warning companies that having their own domain whitelisted increases the levels of spam employees receive through domain spoofing
Nearly 20 per cent of all spam now forges the domain name of the recipient - ie looks as though it comes from the recipient, or someone in their company - according to analysis by managed security firm, Network Box. This has increased from just one per cent in June 2008. As a result, Network Box is advising all companies not to whitelist their own domain names.

It is common practice for companies to whitelist their own domain names, in order to avoid 'false positives' - genuine email being treated as spam. But in December 2008, Network Box started seeing a wave of spam that mimicked the recipient's email address, or posed as an email from a colleague. These emails included what looked like links to IM services, and an invitation to chat.

One of the solutions to this problem is to use Sender Policy Framework (SPF), which uses a field in the DNS record (the system that translates domain names to IP addresses). This field defines all the IP addresses that an email from a legitimate sender will come from. So, if someone in Singapore sends an email to a colleague in London, the recipient's mail server in London then verifies that the IP address it receives the email from is in the SPF record of the sender. This indicates that the email hasn't been spoofed, and so the mail is delivered.

Simon Heron, Internet Security Analyst at Network Box, says: "Until late 2008, this was a relatively small problem. But a mimic rate of 20 per cent, that we're seeing now, is very high. We advise companies who use whitelisting to take their own domain names off the list and consider other ways of avoiding false positives."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo