Tags: email, security, spf, phishing

How do I correct a misconfigured SPF record to stop an attacker from sending phishing or spam emails from our domain?


I recently got an email that speaks about a vulnerability in our email setup because of a misconfigured SPF record. Please find the actual email below.

Is this really an issue? How to address the issue?

Please help someone. Thanks

This report is about a misconfigured SPF record flag, which can be used to abuse the organization by posing as its identity, allowing fake mailing on behalf of respected organizations.

About the issue: I have seen the SPF (TXT) record for your site, which is: v=spf1 mx ~all
As you can see, the symbol at the end, the tilde (~all), is the issue; it should be replaced by the hyphen (-all) symbol.

So the valid record will look like: v=spf1 mx -all

What's the issue: As you can see in the article on the difference between softfail and fail, you should be using fail, as softfail allows anyone to send spoofed emails from your domains.

In the current SPF record you should replace ~ with - before all; - is strict and prevents all spoofed emails except those you are sending yourself.

We checked with our hosting provider and they said there is no issue and nothing to fix. But we are puzzled by this email. Yes, we do receive emails from our own domain, and it is definitely an issue if someone sends such random emails to others through our domain.

So I want to know whether the email I received describes an actual issue, and how to address it.

Please help.


Solution

  • Your question would be better received at the ServerFault.com forum.

    That said, receiving servers determine for themselves how they handle SPF failures, including 'softfail'. Good to know: SPF authentication breaks with mailing lists and auto-forwarding rules, so ~all might actually be preferable.

    However, SPF does NOT authenticate the domain seen in the From field in your email client, so neither ~all nor -all will protect your domain against spoofing; you should look into DMARC (and DKIM for forwarding survivability) to protect your domain against spoofing.
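The answer's point that an SPF result on its own says nothing about the header From domain, together with the ~all versus -all question, as an added example that is not part of the question, the forwarded email or the answer. It simulates SPF evaluation and DMARC identifier alignment offline against a constructed DNS table; the domains example.org and attacker.example, the IP addresses, the DNS records and all function names are assumptions made up for this demo, and the SPF evaluator only knows the mechanisms mx, ip4 and all.

```python
import ipaddress

# Constructed "DNS" for the demo: none of these domains, hosts or addresses is real.
DNS = {
    "example.org": {"mx": ["mail.example.org"], "txt": ["v=spf1 mx ~all"]},
    "mail.example.org": {"a": ["203.0.113.10"]},
    "_dmarc.example.org": {"txt": ["v=DMARC1; p=reject; aspf=r; adkim=r"]},
    "attacker.example": {"mx": ["mx.attacker.example"], "txt": ["v=spf1 mx -all"]},
    "mx.attacker.example": {"a": ["198.51.100.7"]},
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def txt_record(name, prefix):
    """Return the first TXT record at `name` that starts with `prefix`, or None."""
    for txt in DNS.get(name, {}).get("txt", []):
        if txt.startswith(prefix):
            return txt
    return None


def spf_check(mail_from_domain, client_ip, record=None):
    """Evaluate SPF for a connection from client_ip whose envelope sender
    (MAIL FROM / Return-Path) is in mail_from_domain. Returns 'none', 'pass',
    'fail', 'softfail' or 'neutral'. Only 'mx', 'ip4' and 'all' are
    implemented, which covers the record in the question."""
    record = record or txt_record(mail_from_domain, "v=spf1")
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        if mechanism == "all":
            matched = True
        elif mechanism == "ip4":
            matched = ip in ipaddress.ip_network(argument, strict=False)
        elif mechanism == "mx":
            hosts = DNS.get(argument or mail_from_domain, {}).get("mx", [])
            matched = any(str(ip) in DNS.get(h, {}).get("a", []) for h in hosts)
        else:
            raise ValueError(f"mechanism not implemented in this demo: {mechanism}")
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # nothing matched and no 'all' term: default result


def aligned(identifier_domain, header_from_domain, mode):
    """DMARC identifier alignment. 's' = strict (exact match); 'r' = relaxed,
    approximated here as equal or one being a subdomain of the other (real
    DMARC compares organizational domains using the public suffix list)."""
    if mode == "s":
        return identifier_domain == header_from_domain
    return (identifier_domain == header_from_domain
            or identifier_domain.endswith("." + header_from_domain)
            or header_from_domain.endswith("." + identifier_domain))


def dmarc_check(header_from_domain, mail_from_domain, client_ip, dkim_domain=None):
    """Simplified DMARC evaluation. dkim_domain, if given, is the d= of a DKIM
    signature assumed to have verified. DMARC passes only when an authenticated
    identifier (SPF's MAIL FROM domain or DKIM's d=) aligns with the header From."""
    record = txt_record("_dmarc." + header_from_domain, "v=DMARC1")
    tags = {}
    if record:
        for kv in record.split(";"):
            key, sep, value = kv.strip().partition("=")
            if sep:
                tags[key.strip()] = value.strip()
    spf_result = spf_check(mail_from_domain, client_ip)
    spf_ok = spf_result == "pass" and aligned(mail_from_domain, header_from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_domain is not None and aligned(dkim_domain, header_from_domain, tags.get("adkim", "r"))
    dmarc = "pass" if (spf_ok or dkim_ok) else "fail"
    if not tags:
        disposition = "none"  # no DMARC record published: nothing for the receiver to enforce
    else:
        disposition = "none" if dmarc == "pass" else tags.get("p", "none")
    return {"spf": spf_result, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": dmarc, "disposition": disposition}


if __name__ == "__main__":
    # The record from the question vs. the -all record the email proposes,
    # both for a client that is not the domain's MX host.
    print(spf_check("example.org", "198.51.100.7"))                            # softfail
    print(spf_check("example.org", "198.51.100.7", record="v=spf1 mx -all"))  # fail
    # Header From is example.org but the envelope sender is attacker.example,
    # whose own SPF record passes: example.org's ~all or -all never applies.
    print(dmarc_check("example.org", "attacker.example", "198.51.100.7"))
    # Legitimate mail from the domain's own MX host: SPF pass and aligned.
    print(dmarc_check("example.org", "example.org", "203.0.113.10"))
```

Running it shows softfail for the record in the question and fail for the proposed -all record when the client is not the domain's MX host, but a message whose envelope sender is the other domain gets an SPF pass either way; it is only the DMARC alignment check against the header From domain that produces the reject disposition, which is what the answer means by SPF not authenticating the From field.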