Competitive Antispam products, proper legislation, efforts towards a better user education, it has all been tried in order to stop spam. However, unsolicited emails keep consuming the space and time of all email users. Moreover, spam messages can be the cause of serious virus and spyware outbreaks, while others “phish” for sensitive information like bank accounts and passwords.
In a world where spam is bound to hold such an important position, methods of preventing it should also be given an increasing importance. Some of the easiest and most widely used prevention methods are host control solutions, Antispam applications and user education.
Host control is an easy way to ensure only valid emails reach end-users’ inboxes. Some well known methods are SPF (Sender Policy Framework), IP/email address-based lists (blacklisting, whitelisting and graylisting) and DKIM (Domain Keys Identified Mail Signature).
SPFThe Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. It protects the envelope sender address, which is used for message delivery. The envelope sender address is used during the transport of the message from mail server to mail server, usually not displayed to the user by mail programs.
Using this method, domains can publish details of their mail sending policy (called SPF records) on Domain Name System (DNS) servers. By using SPF checks to validate sender addresses, you can successfully prevent spam and back-scatter emails. Although an effective method of authentication and spam prevention, not all MTAs and ISP providers support SPF checks at this time.
DKIMDomain Keys Identified Mail Signature is an authentication method implemented by Yahoo and supported by Google, Cisco and Sendmail and has considerable chances of becoming the standard authentication method. It offers almost end-to-end integrity from a signing to a verifying Mail transfer agent (MTA). In most cases the signing MTA acts on behalf of the sender, and the verifying MTA on behalf of the receiver.
DKIM implies using a key pair consisting of a public key and a private one as follows: the signing MTA generates a public key, which is published in DNS, and a private key, used to digitally sign all the sent email messages. The verifying MTA retrieves the public key and compares it to the digital signature of the received email. If the key pair is a match, then the email is legitimate and is delivered to the receiver’s mailbox.
The wide use of DKIM can force spammers to show a correct source address. Thus other filtering techniques (such as collaborative databases) can be used to detect spam more reliably. Therefore, DomainKeys can make it easier to identify emails known to be legitimate and need not be filtered. The main benefit in such a case would be saving time and system resources.
The main disadvantage of DKIM is that email messages can be significantly modified in certain situations (e.g. when being forwarded by list severs), causing the signature to be invalidated and the message to be rejected. A solution to this issue would be combining DomainKeys with SPF, because SPF is immune to modifications of the email data.
*Article previously published in hakin9 StarterKit.