SPF – Not just for sunscreen anymore!

June 29, 2007

Unless you are a spam generator (in which case, please go jump into a wood chipper), you want to do everything you can to help stop the spam onslaught.

One thing all domain owners can do is setup a SPF record in the DNS zone.
For all sorts of information, check out this link. They have a nice wizard for helping you create your SPF record, too. At first, it seem complicated, but trust me, it’s not.
A simple example is just:
IN TXT "v=spf1 mx ~all"
Which just means, “Accept mail from my domain from any of my MX servers (as listed in my DNS zone).”If you have someone else process your inbound mail (say an anti-spam/anti-virus filtering service like we provide), but it ends up on your own mail server, and you send your own mail directly, you might have something like:

IN TXT "v=spf1 mx a:mymailserver.example.com ~all"
Which means, “Accept mail from my domain from any of my MX servers as well as the server mymailserver.example.com.” The “a:” tells the receiving side to lookup an A record for mymailserver.example.com and if the IP of the connecting sender matches, all is good!If you send mail to a use of Google Mail, Google really appreciates your use of an SPF record and even puts a nice record in the header of the received email:

Received-SPF: pass (google.com: domain of user@example.com designates as permitted sender)
This was sent from a customer directly from their Exchange server that we listed as an “a:” record in their DNS zone.So, that’s the sender’s side, how about being on the receiving side …

Some MTAs already support SPF natively, and almost all other current MTAs have patches or software plugins that provide SPF support. In fact, Ubuntu’s 7.04 release (Feisty Fawn) has announced support for their Postfix package. Have I mentioned yet that I like Ubuntu? 🙂 With luck, they will back port it into their LTS distribution … maybe.

If your MTA doesn’t already support SPF, there are a number of methods to stuff it in … I suggest to just start Googling around.

For Postfix on a non-7.04 Ubuntu server, check out this link. The worst part is getting all of the prereq perl modules in place.

If you want to skip all of this work, but want to keep your own mail server, feel free to contact us at info at officepcsupport.com — we can do the pre-filtering of anti-spam/anti-virus for you and then relay the mail to your server. We also do POP/IMAP/Webmail services for offsite email storage if that’s what you would prefer.

With luck, if more and more domains, servers, and relays implement SPF, at least the faked originator spam will loose ground, so put on your SPF already, will ya!?!

add to del.icio.usDigg itStumble It!Add to Blinkslistadd to furladd to ma.gnoliaadd to simpyseed the vineTailRank