We’re already at the end of January and I’m beginning to sense that there is going to be a consistent theme for this blog in the year ahead (as Matt Shanahan predicted in our recent post) – Cyber Security, and today we look at how to protect our email using SPF (Sender Policy Framework).
The message we have pushed on this blog, and will continue to do so, is protect, protect, protect! Protect yourself, protect your network and protect your employees!
Today, we’re going to look at a new form of security protection, known as Hard-Fail SPF that targets spammers.
Down the years, I’m sure we have all been subject to an email trying to get our data, whether it be from a Bank (that you don’t even have an account with), a Government (of whom you’re not even a citizen of) or a Retailer (that you have never purchased anything from). In fact it was just yesterday when a member of the Stream team was informed he’d won big on the Lottery and all he had to was send his bank details to a lovely lady called Nancy – lucky him!
Hard-Fail SPF has been developed to counteract increasingly advanced spam security threats such as “Spear Phishing” or “Spoof Emails”. These are emails that appear to come from legitimate sources, however, a spammer is secretly hiding behind these in an attempt of gaining sensitive information such as financial data. These legitimate sources could be any of the aforementioned banks, governments or could even be someone from within your own organisation.
The technology behind this is very clever and users won’t notice any impact on their system. Without blinding anyone with tech talk SPF is designed to validate the sending domain, for example @stream-networks.co.uk, against the sending email system or server. The two of these need to match in order for the email to be successfully delivered.
Whilst SPF has been about for a few years now, the latest development of Hard Fail SPF is designed to specifically target the advance in popularity of Spear Phishing and Spoof attacks.