DFarran, posted March 6, 2020

Good afternoon,

We are looking at trying to move away from using the @live.hornbill.com address for our outbound emails and want to use our own email address/domain. From reading the guidance, it says we need to add an SPF record. When I passed this on to our technical architect, he raised a potential security risk that this would allow any Hornbill customers to send emails as if they were coming from our domain. Is this how it would be, or is there anything in place to prevent this?

Regards,
Daniel.

Gerry, posted March 6, 2020

@DFarran

Hello Daniel,

Thanks for pointing that out. Your TA is correct; technically this is possible, but we do police this to make sure that does not happen. However, now you have raised this, I am going to raise a change internally to look at how we secure this in a way that it would be impossible for a Hornbill customer to spoof another Hornbill customer's domain, probably by requesting a "proof of domain ownership" record to be added to DNS, which we can verify and lock the domain to the customer's instance.

Thanks,
Gerry

DFarran (Author), posted March 6, 2020

Hi @Gerry,

Thanks for the reply. Is there any way to be kept up to date with the progress of the change? I think our compliance manager will want us to hold off until there is something in place to prevent the possibility of spoofing, so it would be good to see the progress.

Regards,
Daniel.

Gerry, posted March 6, 2020

@DFarran

OK, noted. We will post back here when we have some progress. It's likely to be 3-6 weeks from now.

Gerry
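
The safeguard discussed in this thread (a DNS "proof of domain ownership" record that the provider verifies before locking a sender domain to one instance), sketched as an added example that is not Hornbill's code. The secret, TXT prefix, instance names, SPF include host and DNS data are all constructed assumptions.

```python
import hashlib
import hmac

# Assumptions for this sketch: the secret, TXT prefix and instance names are constructed.
PROVIDER_SECRET = b"constructed-demo-secret"
TXT_PREFIX = "provider-domain-verification="


def normalise(domain):
    return domain.strip().rstrip(".").lower()


def ownership_token(instance_id, domain):
    """Token the provider asks one instance to publish for one domain."""
    msg = f"{instance_id}|{normalise(domain)}".encode()
    return hmac.new(PROVIDER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


class DomainLocks:
    def __init__(self, lookup_txt):
        self._lookup_txt = lookup_txt   # callable: domain -> list of TXT strings
        self._owner = {}                # domain -> instance that proved ownership

    def claim(self, instance_id, domain):
        domain = normalise(domain)
        if self._owner.get(domain, instance_id) != instance_id:
            return False                # already locked to another instance
        expected = (TXT_PREFIX + ownership_token(instance_id, domain)).encode()
        proven = any(hmac.compare_digest(txt.strip().strip('"').encode(), expected)
                     for txt in self._lookup_txt(domain))
        if proven:
            self._owner[domain] = instance_id
        return proven

    def may_send_as(self, instance_id, from_address):
        """Outbound check: the From domain must be locked to the sending instance."""
        domain = normalise(from_address.rpartition("@")[2])
        return self._owner.get(domain) == instance_id


# Constructed DNS data: example.org authorises the shared provider in SPF and
# publishes the token issued to instance "tenant-a".
CONSTRUCTED_DNS = {
    "example.org": [
        "v=spf1 include:spf.provider.example -all",
        TXT_PREFIX + ownership_token("tenant-a", "example.org"),
    ],
}


def constructed_lookup(domain):
    return CONSTRUCTED_DNS.get(domain, [])
```

The SPF record alone authorises the provider's shared sending hosts for every tenant, so the per-instance check in `may_send_as` is what stops a second tenant from using the domain; a real deployment would replace `constructed_lookup` with a DNS TXT query.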