Shulou(Shulou.com)06/02 Report--

Recently, the company has received a lot of phishing emails from spoof.

Some are easy to identify, showing a user name with the same name, but the email obviously belongs to another domain name; I've set a rule to filter this.

Https://blog.51cto.com/beanxyz/2326244

Some emails disguised as internal emails are sent through public SMTP servers. These public SMTP servers are not in our authorized IP address and cannot be verified by SPF. Fail or none will be marked in the header header file. In Office365, by default, even if the SPF fails, it is still sent to the user, which often causes panic to the user, thinking that the mailbox has been stolen or the password has been lost. In view of the second situation, we can not block all the failed SPF, so it is too easy to accidentally hurt legitimate emails, so I set the following rules for filtering.

To put it simply, all the emails that are not set or failed by SPF are forwarded to me for approval and manual judgment.

Of course, you may receive more emails in the first few days. If it is a legitimate email, you can either join the except list, or after reading the header file, modify the corresponding DNS record and add a legitimate SPF IP record. After about a week, there are basically no mails of manslaughter.

So how do you read the header file of the email? I usually copy and paste the header file of the email directly through an online analyzer, such as https://mxtoolbox.com/EmailHeaders.aspx.

Click the properties of open mail in Outlook to copy internet headers.

Paste it into the link above and click analyze header

As a result, you can see authentiation-results at the bottom, which is what we use to determine whether we have passed the verification of SPF. The example here shows none, indicating that the domain name does not have a corresponding txt record configured.

It is easy to configure spf txt records. For example, the screenshot below is configured in goDaddy. After being configured, you can query through mxtool.

Search any domain name randomly.

In this way, you can effectively avoid phishing emails and accidental injuries caused by across-the-board (such as directly setting spf hardfail).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.