Have you received e-mail from Charles Michel lately?

09.11.2017

There has been a great deal of commotion recently in the Netherlands about spoofing, in particular about the technique used to send e-mails from someone else’s e-mail address. A research platform disclosed that there was something wrong with the security of TweedeKamer.nl, the domain of the lower house of parliament. E-mails sent from there are relatively easy to forge.

The same applied to websites of ministries and energy companies. Just days later, it turned out that several federal and Flemish domains such as fgov.be are susceptible to the same problem, and that it is not difficult at all to send e-mails that purportedly come from prime minister Charles Michel, for instance.  

How do you arm yourself against e-mail spoofing?

Jeroen Baert, a computer scientist at the KU Leuven, investigated the matter and found that there are in fact ‘false’ e-mail addresses, identical to those of prime minister Charles Michel, minister of the interior and security Jan Jambon and state secretary Theo Francken.  

With correct settings, the ‘real’ e-mail server checks whether someone is authorized to use an e-mail address as a sender, but this protection may be configured poorly or not at all.

To counteract e-mail spoofing, the recipient or organization can validate the sender’s identity. This is called e-mail authentication. Various techniques have been developed over the years for that purpose.  

Sender Policy Framework

Sender Policy Framework (SPF) is one of the techniques used to counter spoofing. As the registrant of a domain name, you use it to indicate which mail servers can send e-mails on behalf of that domain name.

The SPF record is a sort of recommendation from the domain name owner to the recipients of his e-mail. The record contains information about the mail servers that are authorized to handle outgoing mail for that domain. It is added as a TXT record to the DNS zone concerned.
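As an added example (not part of the original article), the Python sketch below shows how a receiving mail server can evaluate such a TXT record against the IP address of the server that delivered a message. The zone names, TXT values and IP addresses are constructed samples, and only the ip4, ip6 and all mechanisms are handled, because the others require live DNS lookups.

```python
import ipaddress

# Constructed sample: TXT records as they might be published in four DNS zones.
SAMPLE_ZONES = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "soft.example": ["site-verification=abc", "v=spf1 ip4:198.51.100.25 ~all"],
    "open.example": ["v=spf1 +all"],       # authorizes every sender
    "none.example": ["some-other-txt-value"],  # no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_spf(txt_records):
    """Return the single SPF record among a domain's TXT records, or None."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(spf) > 1:
        raise ValueError("more than one SPF record published")
    return spf[0] if spf else None


def check_sender(txt_records, sender_ip):
    """Evaluate terms left to right; the first matching mechanism decides."""
    record = find_spf(txt_records)
    if record is None:
        return "none"  # no policy: the receiver cannot tell forged from real
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unknown"  # include, a, mx, redirect, ... need DNS lookups
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for domain, txt in SAMPLE_ZONES.items():
        print(domain, check_sender(txt, "203.0.113.7"))
```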

SPF has the advantage that it requires few resources for outgoing e-mail and enables recipients to filter e-mail for spam and phishing mail. Those who have set SPF for their domain names can rest assured that no spam will be sent from those domain names and thus avoid damage to their reputation.

Hardly recognizable 

If these measures are not taken, it is hard for recipients to see that an e-mail is forged, because a valid e-mail address is shown in your inbox. The attacker does not gain access to your PC as a result, but can mislead you into clicking on a link where a virus lurks or into filling in a form in which personal data have to be entered.

Because it seems to be a valid e-mail address, there is a greater chance that people will fall into the trap. However, an alarm bell should already go off when you get a personal e-mail from Charles Michel.

phishing

Tricksters lure you to a fake website that is a copy of a real one. They then get you to log in with your user name, password and credit card number. Once you’ve done that, the fraudster has your details.

server

A computer program or hardware device that provides services to other computer programs or users.

registrant

Domain owner, person who holds a domain name.

SPAM

Collective term used for unwanted e-mail messages.

Spoofing

The stealing of a computer’s identity. By making some technical adjustments, a computer is able to intercept all traffic from and to another computer. In this way the computer ‘in the middle’ is able to ‘eavesdrop on’ the communication between two computers.

DNS

Domain Name System or Domain Name Server. The global DNS is the system and protocol used on the internet to translate domain names into IP addresses and vice versa. 