[Owasp-singapore] NUS' name being abused in malicious email

Wong Onn Chee ocwong at usa.net
Mon Mar 29 05:41:48 EDT 2010

Refer to
http://tools.cisco.com/security/center/viewAlert.x?alertId=20144, titled
"Threat Outbreak Alert: Fake Chinese Currency Report E-mail Messages on
March 25, 2010"

If your email server has enabled SPF (Sender Policy Framework), you can
see that the sending SMTP server does not belong to the legitimate list
of NUS outgoing email servers.

nus.edu.sg.        7200    IN    TXT    "v=spf1 a:smtp.nus.edu.sg
a:ims01.stf.nus.edu.sg a:ims02.stf.nus.edu.sg a:ims21.stu.nus.edu.sg
a:ims22.stu.nus.edu.sg a:mailgw01.stf.nus.edu.sg
a:mailgw02.stf.nus.edu.sg ~all"

Question: Has your organisation has enabled SPF checks and even added
your own SPF DNS record to protect others?

Onn Chee

More information about the Owasp-singapore mailing list