Ciphertrust adds support for SPF anti-spoofing

CipherTrust's IronMail 4.0 now supports Sender Policy Framework (SPF), which authenticates e-mail senders and blocks spam before...

CipherTrust's IronMail 4.0 now supports Sender Policy Framework (SPF), which authenticates e-mail senders and blocks spam before it is sent.

E-mail using spoofed internet domains often play a role in so-called "phishing" schemes, in which unwitting internet users are led to web pages that look like legitimate online businesses, but are actually scam sites designed to harvest personal information such as user names, passwords and credit card numbers. 

SPF allows internet domain administrators to describe their e-mail servers in an SPF record that is attached to the DNS (Domain Name System) record. Other internet domains can then reject any messages that claim to come from that domain but were not sent from an approved server, said Meng Wong, independent antispam researcher and primary author of the SPF protocol.

Unlike spam filters, the SPF technology allows e-mail gateways to analyse the e-mail envelope, a wrapper for the message that is transferred between mail servers before the full message is sent.

Messages that do not come from a valid server at the domain are dropped before any message content is sent, saving on bandwidth and computing resources.

CipherTrust added an SPF registry to the IronMail 4.0 correlation engine, known as the Enterprise Spam Profiler (ESP), which allows the IronMail appliance to match the e-mail envelope back to published SPF records on the internet, said Paul Judge, chief technology officer at CipherTrust.

The appliance uses SPF matching as part of the ESP rating assigned to each e-mail record. A failure to match on an SPF record may or may not result in the message being dropped immediately, depending on other factors.

CipherTrust's adoption of SPF is encouraging to Wong, who said that more than 7,000 internet domains have already published SPF records, including America Online, companies such as AltaVista and Ticketmaster and universities.

The widespread adoption is particularly impressive because an official internet draft for SPF was only published this month and the technology has just begun the process of obtaining official Request for Comment standard status, he said.

"This is just a formalised version of what a lot of people are already doing. A lot of domains already check mail that's coming from Hotmail or Yahoo to see if its coming from actual Hotmail or Yahoo machines," Wong added. "SPF is just giving everyone an open, standardised way of doing what they already want to do."

CipherTrust IronMail 4.0 with SPF support is available now.

Paul Roberts writes for IDG News Service

Read more on IT strategy