Sender Policy Framework (SPF) tackles forgery of the sender address in e-mail. Without SPF it is trivial to send mail using someone else's address; you often get spam apparently from yourself because the spammer put your address in as the sender. SPF lets the owner of a domain publish which servers may send mail for it, and lets receiving servers check the sending server against that statement.
For SPF to work you publish, in the DNS for your domain, the list of IP addresses that send e-mail on its behalf. When you send an e-mail, your SMTP server connects to the recipient's SMTP server, which therefore sees the IP address your server connects from. The recipient's server looks up the SPF record for the domain in the envelope sender address (the SMTP MAIL FROM, which ends up as the Return-Path header) and compares the connecting IP with it. That is how it tells whether the message came from one of your servers or from someone posing as a user on your domain.
SPF stops spam only to a certain extent. Spammers can still send you unwanted e-mail, but they are forced to use a domain whose SPF record permits their sending host instead of forging yours. It is effective against viruses and worms on an infected machine that send out thousands of messages to everyone in an address book with your address forged as the sender, because receiving servers that check SPF will reject them. Two caveats: only receivers that actually check SPF benefit, and SPF says nothing about mail that leaves through one of your own listed servers.
Follow the steps below to publish SPF records.
Once your DNS contains the necessary SPF record, any receiving server can query it to find out which IP addresses your e-mail should come from.
For the purpose of this example let us assume the following is true:

| Item | Value |
|---|---|
| Your domain name | mydomain.com |
| Your e-mail is handled by (two MX records defined in the DNS) | 199.199.199.1, 199.199.199.2 |
| Your web address (the A records of mydomain.com) | 199.199.199.3, 199.199.199.4 |
| Other SMTP servers on your network | 199.199.199.5, 199.199.199.6 |
| No other servers are used to send out e-mail for "mydomain.com" | |
You then publish the following SPF record as a TXT record at the apex of your domain (the name mydomain.com itself, whose A and MX records the mechanisms refer to):
"v=spf1 a mx ip4:199.199.199.5 ip4:199.199.199.6 -all"
This entry tells the recipient's SMTP server that a message whose envelope sender address is in "mydomain.com" may only come from certain IP addresses. If any other IP address is used to send the message, the check result is "fail" and the recipient may reject it.
Each element in the SPF string is separated by white space and evaluated left to right; the first element that matches the connecting IP decides the result. The table below explains what each entry means.

| Element | Meaning |
|---|---|
| v=spf1 | The SPF version; every record must start with this. |
| a | Mail may come from any IP address in the A records of mydomain.com (here 199.199.199.3 and 199.199.199.4). |
| mx | Mail may come from any host named in the MX records of mydomain.com (here 199.199.199.1 and 199.199.199.2). |
| ip4:199.199.199.5 | Mail may also come from this IP address. A whole network can be given in CIDR form, e.g. ip4:199.199.199.0/24. |
| -all | Mail may come only from the addresses above; any other IP address yields "fail" and the recipient should reject it. The leading character is a qualifier: "-all" means fail, "~all" means softfail (accept but treat as suspicious), "?all" means neutral, and "+all" means pass for everyone, which makes the record useless. |

Note that a, mx (and include, exists, ptr and redirect, which this example does not use) each cost a DNS lookup, and a record may cause at most ten such lookups; receivers return a permanent error for records that exceed the limit.
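To show how the recipient's server actually applies this record, here is a small SPF evaluator as an added example; it is not code from this article or from ITA Networks. It resolves names against a constructed in-memory DNS table holding the records assumed above for mydomain.com (the MX host names mx1.mydomain.com and mx2.mydomain.com, and the second domain softfail.example with its own record, are assumptions made for the demo), and it implements only the mechanisms the article uses: a, mx, ip4 and all, with the four qualifiers. Anything else returns permerror rather than guessing.

```python
import ipaddress

# Constructed DNS data for the worked example: an in-memory stand-in for the
# live DNS. The records for mydomain.com are the ones assumed in the table
# above; the MX host names and softfail.example are assumptions for this demo.
FAKE_DNS = {
    "mydomain.com": {
        "TXT": ["v=spf1 a mx ip4:199.199.199.5 ip4:199.199.199.6 -all"],
        "A": ["199.199.199.3", "199.199.199.4"],
        "MX": ["mx1.mydomain.com", "mx2.mydomain.com"],
    },
    "mx1.mydomain.com": {"A": ["199.199.199.1"]},
    "mx2.mydomain.com": {"A": ["199.199.199.2"]},
    # A domain whose policy ends in ~all: unlisted senders get softfail, not fail.
    "softfail.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 ~all"]},
}

# Qualifier prefix -> SPF result when the mechanism it prefixes matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# RFC 7208 caps DNS-querying mechanisms (a, mx, include, exists, ptr, redirect)
# at ten per evaluation; receivers return permerror beyond that.
MAX_DNS_LOOKUPS = 10


def lookup(name, rtype, dns=FAKE_DNS):
    """Return the records of type rtype for name (empty list if none)."""
    return dns.get(name.lower().rstrip("."), {}).get(rtype, [])


def get_spf_record(domain, dns=FAKE_DNS):
    """Return the domain's single SPF TXT record, or None unless exactly one exists."""
    spf = [t for t in lookup(domain, "TXT", dns)
           if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    return spf[0] if len(spf) == 1 else None


def host_has_address(name, addr, dns=FAKE_DNS):
    """True if addr is one of the A records of name."""
    return any(addr == ipaddress.ip_address(a) for a in lookup(name, "A", dns))


def check_host(ip, domain, dns=FAKE_DNS):
    """Evaluate the SPF policy of `domain` (the MAIL FROM domain) for a message
    arriving from the connecting IP `ip`. Returns pass, fail, softfail,
    neutral, none or permerror, as a receiving MTA would."""
    record = get_spf_record(domain, dns)
    if record is None:
        return "none"          # no (or ambiguous) policy published: nothing to enforce
    addr = ipaddress.ip_address(ip)
    lookups = 0
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                      # a bare mechanism means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            lookups += 1
            matched = host_has_address(arg or domain, addr, dns)
        elif name == "mx":
            lookups += 1
            matched = any(host_has_address(mx, addr, dns)
                          for mx in lookup(arg or domain, "MX", dns))
        else:
            # include, redirect, ip6, exists, ptr and macros are not implemented
            # here; a real evaluator must handle them instead of guessing.
            return "permerror"
        if lookups > MAX_DNS_LOOKUPS:
            return "permerror"
        if matched:                          # first matching mechanism decides
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term


if __name__ == "__main__":
    for ip, domain in [("199.199.199.1", "mydomain.com"),   # an MX host
                       ("199.199.199.3", "mydomain.com"),   # an A record
                       ("199.199.199.5", "mydomain.com"),   # listed with ip4:
                       ("203.0.113.7", "mydomain.com"),     # forged sender
                       ("203.0.113.7", "softfail.example"),
                       ("203.0.113.7", "nospf.example")]:
        print(f"{ip:>15} claiming {domain:<17} -> {check_host(ip, domain)}")
```

Run it and the forged sender at 203.0.113.7 gets "fail" for mydomain.com because of "-all", but only "softfail" for softfail.example, and "none" for a domain with no record at all; that difference is why the qualifier on the final "all" matters.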
This Document is provided by ITA Networks, home of your total email security solution Spam Marshall. Please visit www.itanetworks.com for more info.