• Increase font size
  • Default font size
  • Decrease font size
Web Development : Knowledgebase : Email : Setting Up SPF DNS Records

Setting Up SPF DNS Records

What Is SPF?

SPF, or Sender Policy Framework, as a basic DNS level security check on email to help eliminate spam.

Email on the Internet is not secure. It is easy to "spoof" an email to make it look like it came from someone else. What you can't fake is the IP address of the person actually sending the mail. SPF uses public DNS records to validate if a machine is authrorized to send email for a given domain.

When an email is send, the receiving server checks the IP address of the sending server to see that it is an "authorized" email server for a given domain. When the email is received, the receiving email server does a DNS lookup on the domain that the email claims to be from. Specificlly, it looks up the SPF record. The SPF record is a TXT DNS entry that lists the servers who are "authorized senders". If the server isn't in the list of authorized senders, it is considered to not be genuine (assuming that the sender has SPF setup.)

 

Who's Using SPF?

SPF can significantly cut down on spam with a simple little check. So, actually a lot of the big email hosters are using it.

MSN, Yahoo and GMail all check SPF records, and a lot of major spam filters weigh heavily on SPF.

 

How Do I Setup SPF?

SPF is very simple to setup. All you have to do is login to your domain registrar, or who ever is managing the DNS for your domain, and add a simple TXT (text) record to your domain.

 

Some Examples of Simple SPF Records:

v=spf1 mx -all

The MXes listed for the domain are allowed to send mail for the domain, prohibit all others.

v=spf1 -all

The domain sends no mail at all. Don't accept anything from this domain.

"v=spf1 ip4:192.168.0.1/16 -all"

IP Range. Allow any IP address between 192.168.0.1 and 192.168.255.255.

v=spf1 a -all

Check the current domain. If that's us, it's from us. This is a nice simple one that I use a lot.

v=spf1 a:mail.example.com -all

Great for a didicated email subdomain. mail.example.com is your email server and handles all email for your domain. Where, mail is an A record for mail.example.com.

v=spf1 +all

This one, basiclly says anyone can send email for us. This is an example of what NOT to do.

 

More Information

For more information about SPF visit the Open SPF website. They have a handy SPF record builder.

 
Sunday, 11 November 2007
Posted By: Cory S.

Advertisement

 

 

Popular

Latest Pages