“Don’t be afraid of being different, be afraid of being the same as everyone else.” – Unknown.
The very first email was sent about 45 years ago, in 1971 by Ray Tomlinson. Tomlinson is internationally known and credited as the inventor of email. The Internet Hall of Fame in account of his work commented “His email program brought about a complete revolution, fundamentally changing the way people communicate”.
Fast forward 45 years…
Over the last two decades, email has indeed revolutionised the way we communicate.
Email is abused every day in the form of spam or phishing emails which may distribute viruses, malware, spyware, ransomware or attempt to steal information by disguising as someone else.
Make the Internet work better.
The Internet is best defined by Wikipedia as a global system of interconnected computer networks to link billions of devices worldwide. Every server on the internet can make the internet work better by following some standards to prevent abuse.
What most don’t know of, is the existence of Internet Engineering Task Force (IETF). IETF develops and promotes voluntary internet standards with the mission to make the Internet work better. These internet standards are published as RFC’s which stand for Request for Comments.
35 years after the first email, IETF published RFC 4408 in 2006 which describes Sender Policy Framework, commonly known as SPF. The original SPF document was then replaced by another version RFC 7208 published in 2014.
Sender Policy Framework (SPF) is amongst the widely adopted ways of preventing email abuse.
So, what does SPF do?
SPF is a simple email validation system designed to detect email spoofing and provides a mechanism for email servers to check the incoming email to verify whether it originated from a trusted source.
It allows your domain name administrator to publish your authorised email source servers, and provides a way for receiving email servers verify the email origin. It then evaluates the test and produces results such as Pass, Neutral, Fail amongst others and lets the servers email policies decide what to do.
Anyone setting up or managing an email server needs to set some sort of policies. These policies help protect the email system from abuse of resources. Luckily, most of these policies already come bundled in with the mail server software including Exim and Microsoft Exchange Server or hosted services such as cPanel hosting, Office 365 and Google Apps for Work.
However, SPF fail policy needs to be configured. There are 3 choices:
- Reject the email (recommended)
- Accept and deliver the email with additional actions (move to Junk Mail, change the subject line, and so on)
- Accept, but delete the email (not recommended)
This is well documented in Appendix G2 of RFC 7208.
What is the best way to handle unauthorised email messages?
The most logical way to handle unauthorised email messages (SPF fail) is to reject it before it is received. This protects the system from unnecessary handling of incoming email including data transfer of the email content as well as other processes such as spam filtering and email delivery.
Doing this, also notifies the sender that their email was rejected because it failed SPF check and, if the sender is legitimate, they will appropriately rectify their systems.
Can someone spoof my emails, even after deploying SPF?
Yes, someone can still spoof your emails. SPF does not define the standard of sending email itself, but rather a standard for checking if the sender server is trusted.
Prevent unauthorised emails to go out in the first place.
It’s unfortunate to see many servers allow emails to be sent without authentication, either through website scripts or SMTP. Any email that goes out from an email system should be authenticated to prevent abuse. Doing so makes it easier for system administrators to block that user in the event of a SPAM outbreak.
At Extreme Web Technologies, we block a simple PHP mail function that is commonly used to send out unauthenticated emails. It is widely used in contact forms. When a website is compromised, a spammer can leverage that function to send out large volumes of spam email.
We also properly reject emails that are not from a trusted source. I have come across some email servers that do not have the appropriate reject policy set for SPF failure. They are putting their users at risk of receiving spoofed emails from untrusted sources.
I hope that future RFC revisions will be in favor of rejecting the email message, instead of allowing the option for it to be handled by email policies. Till then, the best way to prevent email abuse is to use a strong SPF record, and have DKIM setup too, host your emails & website with a professional hosting company and HOPE that the recipients use a mailserver with realistic mail policies!
This blog post was written by Mohsin Sumar (@mohsinsumar) who is the co-founder and CEO of Extreme Web Technologies. Mohsin with his Customer Happiness team constantly strive to deliver top notch quality web hosting in Tanzania.
Image credits: Background vector designed by Dooder – Freepik.com; modified by Mohsin Sumar.
One of our customers had a unique challenge of moving web servers. Their site was huge, with one directory having over 200GB of images. They opted to do a partial migration, copying over the website as is first before the final switch over.
The final switch over required to copy over only the latest files created or modified after a particular date.
The most efficient way would have been the rsync utility. Unfortunately, this was not an option as we did not have SSH access on the new service, so we had to find an alternate way.
The objective was simple;
- Find the files
- Archive/compress them
There are two commands that required to be run, the first one was to search for new or modified files after a particular date and the second one was to create a tar file.
The dry run command looked like so:
find /path/to/folder -type f -newermt '2017-04-01T00:00:00' -print0
Let’s break this down:
- find /path/to/folder
- This defines where to search
- -type f
- We’ll be looking for files only, recursively.
- -newermt ‘2017-04-01T00:00:00’
- The date from where we want to search from
- This outputs the files so it can be piped into the tar command
For the second objective, we piped in the tar command to accept the output from the first. This would be appended to the original command.
- | tar -czvf /backup/archive-name.tar -T –
- Begin piping into the tar
- The tar will compress and output the progress (verbose)
- -T – takes in the files to archive from the previous output
Here is the final command:
find /path/to/folder -type f -newermt '2017-04-01T00:00:00' -print0 | tar -czvf /backup/archive-name.tar -T -
I hope this will be useful for anyone with a similar requirement.