Nearly 20 per cent of all spam now forges the domain name of the recipient – ie looks as though it comes from the recipient, or someone in their company – according to analysis by Network Box. This has increased from just one per cent in June 2008. As a result, companies should not whitelist their own domain names.
It is common practice for companies to whitelist their own domain names, in order to avoid “false positives’ – genuine email being treated as spam. But in December 2008, Network Box started seeing a wave of spam that mimicked the recipient’s email address, or posed as an email from a colleague. These emails included what looked like links to IM services, and an invitation to chat.
One of the solutions to this problem is to use Sender Policy Framework (SPF), which uses a field in the DNS record (the system that translates domain names to IP addresses). This field defines all the IP addresses that an email from a legitimate sender will come from. So, if someone in Singapore sends an email to a colleague in London, the recipient’s mail server in London then verifies that the IP address it receives the email from is in the SPF record of the sender. This indicates that the email hasn’t been spoofed, and so the mail is delivered.