Domain Name Whitelisting Allows Spam to Pass Undetected

A recent study by security company Network Box reveals that organizations generally whitelist their own domain names, which makes spam hard to spot, because spammers can use the whitelisting to make their messages appear legitimate.

Security specialists describe a whitelist as a catalogue of domain names or e-mail addresses from which an e-mail spam filter allows inbound e-mails to pass through. The filter program helps to stop unsolicited e-mails (spam) from arriving in users' inboxes.

Meanwhile, whitelisting their own domains is common practice among organizations that want to prevent legitimate e-mail from being handled as junk or spam. However, in December 2008, Network Box began to observe a surge in spam messages that forged the e-mail ID of the recipient, or pretended to be a message from a colleague. These e-mails apparently contained links to IM services, inviting the recipient to chat.

Further, according to the study, almost 20% of the total spam mimics the recipient's domain name, up from merely 1% in June 2008.

Commenting on the problem, Internet security analyst Simon Heron at Network Box said that until the latter part of 2008, domain name mimicking was not a great problem. But now it has grown to a rate of 20%, which is pretty high, as reported by SCMagazine on February 16, 2009. Heron suggested that organizations using whitelisting should remove personal domain names from the list and consider alternative methods to prevent false positives.

As a guard against the problem, Network Box suggested using SPF (Sender Policy Framework), a method that uses space within a domain's DNS record to specify all the Internet Protocol addresses from which legitimate e-mail would arrive.

Therefore, if a person in London receives an e-mail from a colleague in Singapore, the recipient's mail server verifies whether the IP address from which it received the e-mail is listed in the sender's SPF record. This confirms that the message is not a spoofed e-mail, and thus it gets delivered, Network Box explained.
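
The SPF check described above, as an added example (not from the article or Network Box): a narrowed evaluator covering only the `ip4`, `ip6` and `all` mechanisms, set beside a filter that whitelists the domain name alone. The domain, addresses, record and function names are constructed for illustration, and a dict stands in for the DNS TXT lookup.

```python
import ipaddress

# Constructed sample data: a dict stands in for the DNS TXT lookup.
SPF_RECORDS = {"example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"}
WHITELIST = {"example.com"}  # the organization's own domain, as in the article
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, sender_domain, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all terms left to right; the first match decides."""
    terms = records.get(sender_domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Limitation of this example: a, mx, include etc. need DNS; skipped.
    return "neutral"  # no mechanism matched


def whitelist_filter(sender_domain):
    """Domain whitelisting alone: trusts whatever domain the sender claims."""
    return "deliver" if sender_domain in WHITELIST else "scan"


def spf_aware_filter(client_ip, sender_domain):
    """Bypass spam scanning only if the whitelisted domain also passes SPF.

    SPF is evaluated against the SMTP envelope sender (MAIL FROM) domain.
    """
    if sender_domain in WHITELIST and spf_check(client_ip, sender_domain) == "pass":
        return "deliver"
    return "scan"


if __name__ == "__main__":
    spoofed = ("203.0.113.7", "example.com")  # constructed: outside the record
    print(whitelist_filter(spoofed[1]), spf_aware_filter(*spoofed))
```

A message claiming the whitelisted domain from an address outside the record is delivered by the name-only filter but sent to normal spam scanning by the SPF-aware one.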


» SPAMfighter News - 26-02-2009

 
