No Comments

Understand how criminals use your company name in emails and learn how to avoid this practice

Have you ever stopped to think about the possibility of having your domain being used to carry out scams and scams like, phishing among others? Or have you ever left by clicking on links sent by e-mail, like by your doctor, without even reading the content? This article is intended to alert companies, bosses, employees, or even the simple user. Well, due to a small system configuration, we can have the domain as the vector for various types of strikes. It is common knowledge that every day hundreds, thousands of people fall for scams, from email, one click makes all the difference, now imagine, that email having as its sender, the domain (ex: from your doctor’s office, from the company where you work, from a company that you have hired and awaiting a budget, because it is in this line of reasoning that criminals trigger emails using a small configuration detail that most of them are not done.


There is a technology called SPF – Sender Policy Framework, for those who have never heard of this technology, it is responsible for combating the falsification of return email addresses. This mechanism gives the domain administrator the possibility to define an SPF policy, which says which machine addresses are authorized to send messages on behalf of the same domain, it also allows the administrator of an email server, to establish several criteria to check the SPF.

That is, you who have no knowledge in the area, but who owns a domain should contact your support, and request a configuration of this technology, something very trivial, but that can avoid many problems.

If you have some knowledge, it is also not so complicated, but it is subject for another article, if you want an article about this configuration, leave it in the comments below. But we have through a Linux distribution, how to check if your domain has or not this configuration active and configured.

Let’s do some tests.

Through the command host –t txt domain, you can check the settings as in the example above, in this case we have your SPF configured. Translating, no one but me can use my domain to send email, that is, everyone is blocked.

In the example below, as well as millions of domains today, we unfortunately have something not advised, a full plate for criminals. Translating, no configuration, anyone uses my domain.

And we have several other types of configurations, as in the next example.

Translating the example above, my domain will be able to be used, but it will fall into the junk box.

It is important to take these settings seriously, as we will avoid known spam, as well as Phishing attacks.

As we saw in the cases above, we have a clause called ~all, this must always be on the right, and before it a prefix, which can vary by tooth (+, -, ~,?):

“+” Pass: means that the IP is authorized to send messages on behalf of the domain, and the consulted domain can then be considered responsible for sending the message, a dangerous example would be +all;

“-“ Fail: explicitly means that the IP is not authorized to send messages on behalf of the queried domain. This result can be used to reject the message or to mark it to be evaluated more rigorously;

“~” SoftFail: should be treated as an intermediate result between the fail and neutral levels. In this case, the domain consulted informs that it believes that the IP is not authorized, but that it cannot make a definitive statement. The message should not be rejected just based on this result, but it is recommended to subject it to other tests. Softfail has also been used to indicate a transient situation, in which the SPF is being adopted by a domain. In this case the messages will end up in the junk mail.

“?” Neutral: the domain owner cannot or does not want to define whether or not a given IP address is authorized to send messages on behalf of the domain. This result should be treated exactly as if there was no SPF record, and should not be evaluated more rigorously because of this;

It is still important to show some sites that can be used for cybercriminal practices, where misconfigured domains can be used and if they pass through reliable emails, such as:



The most important thing to remember is that the SPF is not the absolute solution to fight criminals, but it is a measure to be taken, so in conjunction with other solutions, the actions of fraud and crimes will be mitigated, as well as measures such as verifying your contacts. , testing the links on sites like VIRUSTOTAL, carefully reading the email content, among other actions, make this type of crime difficult.

For all these reasons, we will pay attention to these tips, especially if you are not only a common user but also the owner of a company, be it large or small, a manager, or even a potential target of a company, a military man, or as already also said a simple user, the one who at the end will click on the link sent by his apparently doctor.


Source: (

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.