It appears you have not yet registered with DEVPPL. To register please click here... (it's fast, easy and free!)

Forum

Log In Sponsors
Partner Sites


ThatBigForum
Board index For Webmasters Webhosting Services Forum

Help preventing Spam: Add a SPF-Record on your domain!

Discuss everything about webhotels.
Post a reply

Help preventing Spam: Add a SPF-Record on your domain!

Postby leonard on Fri Mar 07, 2008 11:07 am

Hi all

As you surely know, email-spamming is becoming a big problem.
With the new SPF (Sender Policy Framework) standard, every domain owner can now contribute in reducing spam.

SPF is an email rule for your domain.
If you do not send emails from your domain, you can announce that by doing this:
Go to your domain-name services at your DNS-provider and add the following TXT record:
v=spf1 -all

Why does this help?
Spammers usually send emails from infected PC's (or open-relay MTAs), lets use the IP-example 111.111.111.111 (= IP address of the sending spammer).
But they send the spam for any email address, example the spammer pretends to be you@yourdomain.com.
The receiving mailserver (MTA) however does not know that IP-address '111.111.111.111' is not authorized to send emails from @yourdomain.com.
However if you set an SPF policy for yourdomain.com, the receiving mailserver can check the policy and will see that nobody is allowed to send emails in the name of yourdomain.com. The receiving mailserver is then able to "obay" the email-policy of your domain and knows it can reject the spam-mail.

If you send emails from your domain, you may add the following TXT record to your domain-name:
v=spf1 +a +mx -all

This rule says:
    -> v=spf1: this marks the start of the SPF-rule

    -> +a: If the IP-Address of the sending MTA is the one of your domain (DNS A-Record) the mail should be accepted.

    -> +mx: If the IP-Address of the sending MTA is one of your defined MX-servers (DNS MX-Record), the mail should be accepted.

    -> -all: If the IP-Address of the sending MTA is any other than listed above, the mail should be rejected.
    With this "-all" you can block unauthorized MTA's sending emails from your domain.
    Of course this only works, if the receiving MTA checks your SPF-rule. My mailserver for instance does.


It only costs a few minutes to make an SPF policy for your domain.
It is also in your own interest that no spam is sent from (e.g. in the name of) your domain. For more details see http://www.openspf.org

If anything is unclear pls ask, I will be happy to answer.
Prevent spam!

cheers!
- leonard
:%s/^M//
There are 10 kinds of people:
Those who understand binary and those who don't.
User avatar
leonard
100+ Club
 
Posts: 147
Joined: Tue Dec 18, 2007 8:11 am
Location: Switzerland
Top
Post a reply

Who is online

Users browsing this forum: No registered users and 0 guests