Have a look at DMARC.org
6 posts • joined 16 Sep 2009
Re: a customer had a similar attack recently
Problem with that is that if an email is forwarded (which it may be for totally legitimate reasons) then SPF will fail as the check is performed on the last IP before the receiving MTA.
That's why you pair SPF with DKIM, as that (properly configured) survives forwarding.
If you use them both as part of DMARC then you also get full reporting on whether or not you listed all your sending IP's correctly, or missed off the payroll server/that SaaS vendor you just brought on etc.
DMARC also gives you (not the ISP) control over what happens to email that looks like it came from you but fails authentication - you specify in the p=tag whether they should do nothing, send it to spam or reject it.
Have a look at DMARC.org for the details - it's free, it's effective, there's no need to use a CA.
You might make less of an effort to avoid slamming into a tree at 90mph if you believe yourself to be safer - http://en.wikipedia.org/wiki/Risk_compensation
The safest car is one driven by someone who is REALLY trying to avoid having a crash, no seatbelt, no ABS, nice hard surfaces to cannon into that would make sure lots of bones are broken - basically a 1950's American car - would arguably be safer than todays modern vehicles in terms of getting people to pay attention.
DMARC is an open standard that Microsoft is on the verge of implementing (fully) in EOP and M365, it ensures that the 5322.From (what is visible to the user) has been used legitimately- so if they receive an email from HSBC.co.uk, and HSBC are using DMARC correctly*, AND the client which the user opens the email with validates DMARC correctly (such as Gmail, Yahoo!, AOL, Live/Hotmail and, soon, M365/EOP) then it was indeed sent by either HSBC or one of their trusted third parties.
The reply-to can be different (often a bounce processing address/etc), the key thing is that the domain in the visible from is the actual domain that authorised the email to be sent, not spoofed by Phil the Phisher.
*This assumes that HSBC has implemented DMARC fully have have got to p=reject
End the hate?
Another cyclist was killed this morning in Whitechappel by an HGV turning left.
I believe we are now on 8 or 9 deaths this year caused by motorised vehicles hitting cyclists.
So if we could move past the Road Tax issue- which does not exist and anyone who thinks it does is a complete idiot, and maybe gain some perspective?