Learning Powershell

kasey.bawden

Prevent spoofing and get mail delivered

Ever had that fun moment at work when your boss is asking why his email is telling the business department to send a bunch of money to people and it’s from his email address. You might think Oh man they were hacked we need to do XYZ so you purge everything wipe his machine and it happens again next week and you can do this again and again or you can setup DKIM and stop the spoofing.

Well I am sure you don’t want this to happen either, so stop someone from spoofing you a couple of steps you can take in fighting against the spoofing battle is SPF and DKIM.

Oh yeah it has an added bones by setting these up, your emails will be delivered because they are clearing all of the safety checks.

SPF stands for Sender Policy Framework.

v=spf1 include:spf.protection.outlook.com -all

Is an example of a bad one, and by the way if you have two SPF records fix that, you only want one, but Kasey I have two, and I was told to add another SPF so we can send from our on prim system.

That is quite okay, add in your IP into your SPF, this is Microsoft SPF record.

v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com include:spf-a.hotmail.com ip4:147.243.128.24 ip4:147.243.128.26 ip4:147.243.1.153 ip4:147.243.1.47 ip4:147.243.1.48 -all

Now that you have seen two good ones and know that you should only have one record let’s start talking about bad things people do that cause their email to not get delivered.

v=spf1 include:spf.protection.outlook.com ~all

v=spf1 include:spf.protection.outlook.com -?

Are examples of the two problems I see most commonly or no record at all, these two will commonly work, but so will diesel in a gasoline car, are you going to have problems doing that for sure, but it will work.

Go to SPF and DKIM checkerand put in your domain name and then if you want to see if you have DKIM setup type in selector1, then selector2

It will return the values for both. SPF and DKIM, that is if you have DKIM setup, if you don’t it will say under the DKIM check No DNS record found for selector1._domainkey.example.com if you do have DKIM setup it will give you the info and it says We were not able to retrieve the key length, there is maybe an issue in that key don’t worry about it, says it every time even with Microsoft.

Here is aTechnet link for an article about SPF records if you would like to do some more reading about them.