Remove the anonymous email sender

Steen Pedersen Ementor

One of the major problems with SPAM and viruses is that the sender can easily hide. If it was possible somehow to remove or flag the emails from anonymous senders a lot of the problems caused by SPAM and viruses would disappear. There are several quite easy ways to do this. One of them is "Sender Policy Framework" - SPF (earlier known as Sender Permitted From). With SPF there is no change to the SMTP standard. SPF is an addition to the DNS. To support SPF the mail receiving gateways needs to be updated.

It is possible, just by the header of an email, to get the domain name in the from field and the sender's IP address. Compare this information with the IP addresses listed in the SPF in the DNS for this domain. Does the IP address sending the email match one of the IP addresses "allowed" by SPF to send email from the domain? So the mail gateway only needs to receive the first few hundred of bytes of an email to determine if the sender is legal or anonymous.

Some of the features which are possible when using SPF-compliant mail gateways:

  • If you make a prioritized mail handling: receive email fast from the "good" and known SPF senders and very very slow from the anonymous senders
  • Mark the anonymous emails as "not trusted source"

There are several things which are needed to make this a success.

Demonstrating SPF will be a part of the presentation.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.