Why?
> bored.
The issue:
> Alice connects to my server because she wants to send an email to bob@myserver.com
> She sets the FROM header to alice@gmail.com
> Says it's from Gmail
> I have no way to know if it actually came from Gmail
> Need a way to verify it
SPF:
> I ask Gmail for a list of IP addresses they send email from
> To get that info, I need to query the TXT record for the gmail.com domain
> I find "v=spf1 redirect=_spf.google.com"
> Another TXT record query for _spf.google.com
> I find "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
> Here we go again
> Query all three netblocks
> Finally get:
> "v=spf1 ip4:35.190.247.0/25 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"
> Once I get the IP ranges, I can finally compare the sender’s IP
> This is how SPF works
> Now I used pydig to recursively gather the IP ranges
> Compared them with the client IP
> Implemented SPF validation
> find it here
> https://github.com/naveen17797/simple-smtp-receiver/releases/tag/implement-spf
> No more forged emails
> Bye
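The walk through the gmail.com TXT chain above is exactly what an SPF check_host() evaluation does: follow `redirect=` and `include:` until an `ip4:`/`ip6:` mechanism matches the connecting IP, or an `all` term decides the verdict. Below is an added example (not code from the post or from the simple-smtp-receiver project) that implements that evaluation offline. The DNS layer is a constructed in-memory zone: the gmail.com, _spf.google.com and _netblocks.google.com records are copied from the post, while the _netblocks2/_netblocks3 contents and the `nospf.example` / `loop.example` domains are assumptions made up for the example. A real receiver would swap `fake_lookup_txt` for a TXT query (pydig, dnspython, etc.). Two things worth seeing in the code that the post glosses over: the mechanism domain SPF evaluates is the envelope sender (SMTP `MAIL FROM`, or HELO), not the `From:` header, and the record's trailing `~all` yields `softfail`, not `fail`, so rejecting purely on this verdict is a policy decision. The `a`, `mx`, `ptr` and `exists` mechanisms are deliberately left unimplemented here.

```python
import ipaddress
from typing import Callable, Dict, List

# Constructed zone. The first three records reproduce the chain from the post;
# everything else is an assumption for the example.
FAKE_TXT: Dict[str, List[str]] = {
    "gmail.com": ["v=spf1 redirect=_spf.google.com"],
    "_spf.google.com": ["v=spf1 include:_netblocks.google.com "
                        "include:_netblocks2.google.com include:_netblocks3.google.com ~all"],
    "_netblocks.google.com": ["v=spf1 ip4:35.190.247.0/25 ip4:64.233.160.0/19 ip4:66.102.0.0/20 "
                              "ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 "
                              "ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 "
                              "ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"],
    "_netblocks2.google.com": ["v=spf1 ip6:2001:4860:4000::/36 ~all"],  # constructed
    "_netblocks3.google.com": ["v=spf1 -all"],                           # constructed
    "nospf.example": ["just some unrelated txt record"],                 # constructed
    "loop.example": ["v=spf1 include:loop.example -all"],                # constructed
}

MAX_DNS_LOOKUPS = 10  # RFC 7208 4.6.4: at most 10 include/redirect/a/mx/ptr/exists lookups
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fake_lookup_txt(domain: str) -> List[str]:
    """Stand-in for a real TXT query; returns all TXT strings for the name."""
    return FAKE_TXT.get(domain.lower().rstrip("."), [])

def check_host(ip: str, domain: str, lookup: Callable[[str], List[str]] = fake_lookup_txt,
               _state: dict = None) -> str:
    """Evaluate the SPF policy of `domain` for the connecting address `ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    `_state` carries the DNS lookup counter across include/redirect recursion.
    """
    state = _state if _state is not None else {"lookups": 0}
    addr = ipaddress.ip_address(ip)

    records = [r for r in lookup(domain)
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # RFC 7208 3.2: multiple SPF records is an error

    def count_lookup() -> bool:
        state["lookups"] += 1
        return state["lookups"] <= MAX_DNS_LOOKUPS

    redirect = None
    for term in records[0].split()[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        if "=" in term:
            continue  # other modifiers such as exp= do not affect the result
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            if not count_lookup():
                return "permerror"
            sub = check_host(ip, arg, lookup, state)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("permerror", "none"):
                return "permerror"  # RFC 7208 5.2: included domain without a usable record
            # fail / softfail / neutral from an include: no match, keep evaluating
        else:
            raise NotImplementedError(f"mechanism {name!r} not handled in this example")

    if redirect is not None:
        if not count_lookup():
            return "permerror"
        result = check_host(ip, redirect, lookup, state)
        return "permerror" if result == "none" else result
    return "neutral"  # ran off the end of the record with no match and no all

def check_mail_from(client_ip: str, mail_from: str) -> str:
    """SPF verdict for an SMTP session: the domain checked is the one in MAIL FROM."""
    domain = mail_from.rsplit("@", 1)[-1]
    return check_host(client_ip, domain)

if __name__ == "__main__":
    for ip in ("74.125.1.2", "2001:4860:4000::1", "203.0.113.5"):
        print(ip, "->", check_mail_from(ip, "alice@gmail.com"))
```

Only a `pass` is a positive statement that the sending host is authorised; `softfail` and `neutral` mean the domain declined to make a strong claim, and a sensible receiver logs or scores those rather than bouncing on them. The lookup counter is what stops a self-including record (the constructed `loop.example`) from recursing forever, and it is also why an SPF resolver that simply recurses without a budget can be turned into a DNS amplifier by a malicious record.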