Linux Support, Hosting & Security Hertfordshire

Thursday, 7 May 2009

HOWTO: fight spam backscatter using SPF

We all hate spam and spammers, and receiving loads of backscatter (rejection emails from other servers) because spammers fake your email domain when sending their spam is a pain we could all do without.

Well, SPF (Sender Policy Framework) is there to help.

"SPF makes it easy for a domain, whether it's an ISP, a business, a school or a vanity domain, to say, 'I only send mail from these machines. If any other machine claims that I'm sending mail from there, they're lying.'" - SPF Site

It's as simple as adding some DNS records to your domains, which allow email servers to check which addresses are allowed to send emails.

There is even a wizard to help with the creation of these SPF records at http://old.openspf.org/wizard.html. However, we found that this wizard created records which were not quite right for our domain and resulted in some resolution failures. But the syntax to create your own is quite simple and is well documented.

Let's look at a simple example. Let's say you only want to allow emails from example.com to come from the IP address 123.123.123.123. The DNS line would look like this:

Tiny DNS Server

'example.com:v=spf1 ip4\072123.123.123.123 -all:3600

BIND DNS Server

example.com. IN TXT "v=spf1 ip4:123.123.123.123 -all"
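
To see how a receiving server reads such a record, and what the trailing -all contributes, here is an added example (not part of the original post): a small Python evaluator limited to the ip4, ip6 and all mechanisms, plus a helper that builds the tinydns line with the colon escaped. The function names and the second address 198.51.100.7 are assumptions made for illustration.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate an SPF record that uses only ip4/ip6/all mechanisms.

    Anything needing a DNS lookup (a, mx, include, ...) is out of scope for
    this offline sketch and is reported as permerror.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                  # matches every sender
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"
        if network.version != int(name[2]):
            return "permerror"             # e.g. an IPv6 range under ip4:
        if ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all" term

def tinydns_txt(fqdn, record, ttl=3600):
    """Build a tinydns-data TXT line; ':' separates fields, so it becomes \\072."""
    return "'%s:%s:%d" % (fqdn, record.replace(":", "\\072"), ttl)

if __name__ == "__main__":
    strict = "v=spf1 ip4:123.123.123.123 -all"   # record from the example above
    loose = "v=spf1 ip4:123.123.123.123"         # same record without -all
    for rec in (strict, loose):
        for ip in ("123.123.123.123", "198.51.100.7"):  # constructed senders
            print(rec, "|", ip, "->", check_spf(rec, ip))
    print(tinydns_txt("example.com", strict))
```

Without a final all term, mail from any other address evaluates to neutral rather than fail, so receivers get no instruction to reject the forged sender.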

Once you have set up your SPF record, you can test that it is working by sending an email to check-auth@verifier.port25.com. You will then receive a report in reply with the test details, which include your SPF data.
