CYNERGI
   

Spoofing and phishing, no more


SPF is an emerging standard to protect you against some of the most common cases of social engineering attacks (deceiving people).



Hosting with SPF

Family Hosting 
Reserve a domain name for your family name, create e-mail addresses for your children!

Professional Hosting 
With dual domain name included, pre-installed resources for Web development and professional Webmail with employee monitoring support. Includes one Web site template of your choice, for free.

Commerce Hosting 
With triple domain names and built-in EV certificate, these hosting accounts have everything you need to start a trusted electronic commerce site on the Internet. Includes two Web site templates of your choice, for free.

Server 
Adding full predictability to your hosting: a fully dedicated, non-virtual, non-cloud server with its own FQDN and IP address adds performance predictability to your site and reduces the chances that your sent e-mail messages are flagged as spam by recipients.

SPF in use

Starting in mid-2004, many of the big Internet companies immediately implemented SPF:
Amazon, AOL, eBay, Google, GMX, Hotmail, W3C, etc.

Implementation is gradual since it involves changes to existing systems and changes in some user habits.



The end of spoofing


Sender Policy Framework (SPF) is a standard created in 2003 specifically to fight spoofing (sending e-mails with a forged sender address) and phishing (sending forged e-mails to obtain sensitive and confidential information).

SPF doesn't prevent a computer hacker from sending such messages, doesn't prevent you from receiving such messages and doesn't prevent someone from impersonating you. What SPF does is delete the message or give you a clear alert when you receive a message from a forged sender.

This is essential to make it harder for your employees to be misled by spoofing and phishing into supplying your company's confidential data to hackers. It will also be harder for your clients, or even you, to be misled.

This minimizes the number of cases of industrial espionage and reduces the possibility of losing customers when your competitors illegally impersonate you.

Limited phishing


SPF doesn't, however, completely solve the phishing problem. If you receive a message from a forged sender pretending to be your bank (e.g. accounts@citibank.com), SPF deletes the message or gives you a warning. But if a hacker registers a domain name that is different from but similar to "citibank.com", SPF correctly indicates that the sender is genuine. It is up to you or your employees to pay attention and note that the sender is similar to, but is not, your bank (e.g. accounts@citybank.com or accounts@citibank-corp.com).

Even with digital signatures (which are cryptographic means of ensuring genuine sender and unchanged content), a hacker can still digitally sign a message sent from a domain that belongs to him.

The last line of protection is therefore educating your employees to understand the dangers and protect themselves.

How does it work


All our hosting includes SPF to prevent anyone from impersonating you (or rather, to ensure that the recipient, if he supports SPF as well, never receives forged messages). You don't have to do anything; SPF is automatic.

What SPF specifically does is tell each recipient the list of outgoing message (SMTP) servers that your company uses. This way, any e-mail with your sender address sent by some other SMTP server is immediately discarded as a forgery.

For this to work properly, you should provide us with the list of SMTP servers you use. As long as this list is short enough, your domain will be programmed with the corresponding SPF records, ensuring that recipients stop receiving forged messages.

When an e-mail message is received by our hosting, SPF records are checked. If they fail, the message is immediately deleted. Our Webmail also supports SPF, alerting you if you receive a forged message.

The Webmail goes beyond SPF and also supports other similar standards (Sender-ID, DomainKeys and DKIM), giving you maximum protection against cyber crime.

SPF is not anti-spam


There are numerous Internet articles criticizing SPF. The vast majority of them criticize SPF for not having stopped spam.

This reflects a poor understanding of the goals of SPF. SPF intends to prevent spoofing, which was just one more way for spam to enter our e-mail boxes: the sender would pretend to be a well-known party.

Nowadays, due to SPF, spam and phishing are easier targets for legal action. Both forms of crime can be more easily prosecuted in court. But SPF doesn't prevent them and was never intended to prevent them.

Group Corebase