Tag Archives: mail server

SPF – Sender Policy Framework an Antispam solution

The Email Administrator has to implement SPF filtering on the mail servers and create SPF records for your mail server. SPF is the acronym for Sender Policy Framework and is an open standard specifying a technical method to prevent sender address forgery. SPF protects the envelope sender address giving the opportunity for a mail server to check if an email message is originating from a valid source and not from a forged source.
The technology requires two sides configuration:
(1) The domain owner publishes an SPF record in the domain’s DNS zone.
(2) The receiving server checks the message against the SPF record policy in the DNS zone.
The receiving mail server then can accept or reject the message based on the compliance with the domain’s stated policy. If the message comes from an unknown server, it can be considered a fake.
The SPF will help tremendously against spoofing. Email Spoofing means faking the source of an email message so that it appears as coming from a different source. This will avoid a lot of messages that appear to come from your address but you never sent. More about spoofing on this Wikipedia article: http://en.wikipedia.org/wiki/E-mail_spoofing

Email address Spoofing – Someone is Using My address to Send Spam

Someone is Using Your Address to Send SPAM

You just got a bounce-back email saying that your email didn’t reach the destination because the recipient doesn’t exist. Nothing unusual, this is something that happens to anybody who is using email regularly; except you didn’t send that email. How could this happen? If you are an email server administrator and many of your users get this kind of bounce-back they all start to complain at once, thinking that your server has been hijacked. What can you do to stop this, and how to reassure your users that you haven’t been hijacked?

Sender Address Forgery known as email address spoofing is not a new technique. It is used for many things from spamming organizations to sending viruses and supporting scamming schemes where the sender fakes his identity.

Effective ways to stop Spammers to Use Your Domain Name

Publish SPF Data
SPF (Sender Policy Framework) is a method that allows you to publish which mail servers are authorized to send email for your domain. SPF uses a DNS record that tells email servers which servers are the servers that are trusted sources of email for the specific domain and how much to trust other sources of email originating from that domain. Destination servers might have the SPF checking implemented or not. Many of the today’s servers are SPF checking enabled.
Destination servers check this record and act in consequence. Anti-spam software on servers receiving emails, score an email based on SPF record and other criteria and accept or reject the email based on the total score. For instance if the SPF record tells that any emails originating from non authorized servers should not be trusted the email gets the necessary points to be treated as SPAM and it gets rejected. If the SPF record treats the non authorized servers neutral the message could pass or could be rejected if other it contains other SPAM characteristics.
Do not publish any email addresses on Web pages. This is the most common place for spammers to get valid email addresses and use them to forge email messages

If your company runs its own mail server configure it to ignore email sent to non-existent addresses in your domain. If your server sends a non-delivery report you reveal to a spammer valid addresses in your domain (the ones that don’t send NDRs). This attracts spam to those addresses. You waste bandwidth. The most common reason to send NDR’s for non-existent addresses is to let people know that they misspelled the address. Miss-addressed email can get lost easier.

If your domain gets blacklisted because of spoofing you have to contact the list which blacklisted you and show the Administrator what you did to correct the problem. This is very unlikely since the sender usually spoofs only the email sender and not the server’s address. A blacklist Admin should be able to figure out this.

How to Improve Internet speed at your Business

How to Improve Internet speed at your Business

If you are a Business owner or a System Administrator and the Internet connection is an important piece of your business, you probably know how difficult it is sometimes to keep a good balance between the real needs and the perfect Internet Connection.

Most of the times the first impulse is to make a connection upgrade and many times, this is the right step. Sometimes however we can improve a lot the Internet usage without upgrading. This article will show you what to do to improve the Internet speed without upgrading.

What is the Root Cause of your Slow Internet

Determine if the problem is the Internet Connection Bandwidth.
Many times the problem is the computer or the Local Area network. If your network was installed by your cousin or a friend who “New How to Do IT” it is likely that this is your problem. Check this article to learn “How to Troubleshoot a Slow Network.”(coming soon)
Use an Internet Connection Speed Test and determine if the connection performs at parameters.

Implement policies for the Internet use.

Very often companies don’t have a policy for Internet usage and employees abuse it and use it for personal use.
Educate employees about the day to day operations.
Many people don’t know what is acceptable to do and not to do on Internet. For Instance listening radio over Internet is a total waste if you don’t have huge bandwidth. Internet phones take a lot of bandwidth use whenever possible a regular phone. Video streaming are big bandwidth consumers. Users sometimes download files two or three times just because they don’t know where that file goes after the download. Many times they don’t even have the right to install or the file is already saved on an internal server. Sending files as attachments is another common mistake, especially if your mail server is hosted outside the company. Users will always prefer to send files via email than via a file server. A 15 Mb file will generate an Outlook message of around 18Mb. This 18 Mb will be uploaded to the email server which is the more painful operation on an asynchronous DSL connection (download is 3M but upload is 800K), and then will be again downloaded. If this email is sent to a few people imagine the connection bottleneck created.

Using a Caching Proxy could save you Money

If after all of the previous steps your business is still too slow you can implement a Caching Proxy. A Caching Proxy Server is an extremely useful tool to optimize Internet connection utilization and security. A Caching Proxy Server will cache the most used data and then serve it to its next client from the local copy rather than the Internet. A proxy will increase security in the company by providing an additional layer between the client and the Internet. It will help you enforce policies and control Internet Usage. It is also a great tool to log the Internet activity of your users. The downside of a proxy server is that is not easy to administrate, it needs an IT professional.

Caching Proxy Software

Two of the most used Caching Proxies are Squid and Microsoft ISA Server. Both of them are great tools extremely customizable and flexible. ISA Server is a rather expensive product but it has the advantage of a visual administration interface. On the other hand Squid is free software, but it needs command line administration. Another major advantage of Squid is that it doesn’t need too much hardware resources, and if configured properly can deliver excellent services.

A good companion for squid is a Content Filter. A content filter is a program that filters the access to Internet based on rules specified by the Administrator, public lists of known offensive websites and heuristic analysis. Two good content filtering programs are DansGuardian and SquidGuard.

Your Internet Usage Policies have to be Relaxed

As a closing paragraph I would recommend to keep a balance between business and personal use depending of the nature of your business. My experience showed that an extreme restriction would deteriorate the work climate and make your employee unhappy. On the other hand security and control of Internet Access are a very important factor and employees should understand this.