A few months ago the Government of Mauritius email security issues triggered a hot debate. I actually ran a live demo during an event showing how Government emails can be forged. Every now & then the topic sprouted across IT debates.
The news of gov.mu equipped with DKIM & SPF brought a smile today ( :
These are long awaited security mechanisms and a positive attitude towards encouraging a better IT infrastructure in Mauritius. When I reached home I also noticed the topic was being discussed on the MIU (Mauritius Internet Users) mailing list, where Ajay provided further details.
On my end, I triggered a « password reset » on the Government Portal to receive an email. Indeed, the header now shows that the email is DKIM signed.
I replaced some of the characters by asterisks on purpose ^^,
Now, since I still have my demo machines I fired up a session & tried forging an email like firstname.lastname@example.org. Let's see how the header looks this time.
Notice it says Received-SPF: fail and spf=hardfail. It specifies that my IP address isn't designated. Therefore such forged emails will now be thwarted by spam filters.
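The check a receiving side can run on those two header fields, as an added example that is not part of the original post. The sample headers are constructed, and the names mx.example.net, example.org and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample headers, not the ones from the post. example.org,
# mx.example.net and the 203.0.113.0/24, 192.0.2.0/24 addresses are placeholders.
FORGED = """\
Received-SPF: fail (mx.example.net: domain of someone@example.org does not designate 203.0.113.7 as permitted sender) client-ip=203.0.113.7;
Authentication-Results: mx.example.net;
       spf=hardfail (mx.example.net: domain of someone@example.org does not designate 203.0.113.7 as permitted sender) smtp.mail=someone@example.org
From: someone@example.org
Subject: constructed forged sample

body
"""

LEGIT = """\
Received-SPF: pass (mx.example.net: domain of portal@example.org designates 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
Authentication-Results: mx.example.net;
       spf=pass smtp.mail=portal@example.org;
       dkim=pass header.i=@example.org
From: portal@example.org
Subject: constructed signed sample

body
"""

VERDICT_RE = re.compile(r"\b(spf|dkim)=(\w+)", re.I)

def auth_results(raw, trusted_mx="mx.example.net"):
    """Return the SPF and DKIM verdicts stamped by our own receiving server."""
    msg = message_from_string(raw)
    verdicts = {"spf": "none", "dkim": "none"}
    for value in msg.get_all("Authentication-Results", []):
        # The first token names the server that did the check; a sender can
        # inject this header too, so skip any not written by our own MX.
        if value.split(";")[0].strip().lower() != trusted_mx:
            continue
        for method, result in VERDICT_RE.findall(value):
            verdicts[method.lower()] = result.lower()
    # Fall back to the topmost Received-SPF header when no SPF verdict was found.
    received_spf = msg.get("Received-SPF")
    if verdicts["spf"] == "none" and received_spf:
        verdicts["spf"] = received_spf.split()[0].lower()
    return verdicts

def looks_forged(raw):
    """True when SPF failed and no passing DKIM signature vouches for the mail."""
    v = auth_results(raw)
    return v["spf"] in {"fail", "hardfail"} and v["dkim"] != "pass"
```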
Implementation of DKIM and SPF is a positive step by the Government towards contributing to a better IT infrastructure in Mauritius. Cheers to everyone who raised the issue at various levels ^^,