今天早上我收到一封networking钓鱼电子邮件,似乎是从我的一个地址发送给自己的。
看着标题,我发现了一些有趣的东西。
DomainKey-Status: no signature X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mydomain.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,HTML_MESSAGE, HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_MID,SPF_PASS autolearn=no version=3.2.5 Received: (qmail 10412 invoked by uid 110); 6 Aug 2012 09:59:17 -0400 Delivered-To: [email protected] DomainKey-Status: no signature Received: (qmail 10390 invoked by uid 110); 6 Aug 2012 09:59:17 -0400 Delivered-To: [email protected] DomainKey-Status: no signature Received: (qmail 10373 invoked from network); 6 Aug 2012 09:59:15 -0400 Received-SPF: pass (mydomain.com: domain of surewest.com designates 212.61.84.249 as permitted sender) client-ip=212.61.84.249; [email protected]; helo=d84249.iae.nl; Received: from d84249.iae.nl (212.61.84.249) by yetAnotherOfMyDomains.com with SMTP; 6 Aug 2012 09:59:14 -0400 Date: Mon, 6 Aug 2012 14:27:38 +0100 From: <[email protected]> To: <[email protected]> Subject: Your Federal Tax Payment ID: 8716780 is failed X-Mailer: foljo MIME-Version: 1.0 Content-Type: text/html; charset=Windows-1252 Content-Transfer-Encoding: 7bit 好的,首先,212.61.84.249是一个IP地址,如果您访问IP地址,您将获得一个LaCielogin页面。
接下来的域名surewest.com ,是美国中部的digitalTV / ISP。
但是让我感到特别的是这条线:
Received-SPF: pass (mydomain.com: domain of surewest.com designates 212.61.84.249 as permitted sender) client-ip=212.61.84.249; [email protected]; helo=d84249.iae.nl
我的SPFlogging在我的服务器上正确设置,所以;
他们在世界上如何欺骗一个有效的SPF在surewest.com为我的域名是不确定的?
我能做些什么来防止这种情况再次发生?
您的SPFlogging将世界上的每个人都指定为允许的发件人:
"v=spf1 mx:... +all"
+all是重要部分, +是指“允许”, all意味着“整个互联网”。 他们不需要欺骗任何东西,他们的邮件根据你的SPFlogging是有效的。 试试吧,相反。