SPF Records and Spam

Have you ever sent a legitimate email from a corporate email address only to find out from the recipient that it was falsely flagged as spam? You’re at the mercy of someone else’s spam filter, but here’s one solution that can help reduce false positives.

SPF Defined

The Sender Policy Framework (SPF) was created to reduce spam by detecting impersonation of domain names. Because anyone can forge a “from” email address in a message header, receiving email servers can use SPF to verify that a message really originates from the domain it claims to be from, that is, that it was sent from a host the domain trusts.

Creating a DNS TXT Record

SPF data is stored in a DNS TXT record, which is supported by most domain registrars. Simply go to the DNS management console used by your registrar or Web host and look for a “TXT” record option.

Let’s say you’re using a third-party service such as Google Apps to handle your corporate email. The TXT record would be:

v=spf1 mx include:aspmx.googlemail.com ~all

But what if you’re also sending emails directly from an application server? You’d want to include the IP address of the machine hosting the SMTP server:

v=spf1 a mx ip4:67.207.129.94 include:aspmx.googlemail.com ~all

To view a detailed explanation about the above parameters and an easy-to-use wizard for generating SPF-compliant DNS entries, check out the SPF Setup Wizard.
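
A lint check for records like the ones above, added here as an example and not part of the original post: it flags a missing v=spf1 tag, include targets that are not domain names, bad ip4/ip6 values, terms placed after all, and more than the 10 DNS-querying terms RFC 7208 allows. The function name lint_spf is hypothetical, and macro targets (%{...}) are not handled.

```python
import ipaddress
import re

# Terms that trigger a DNS query; RFC 7208 allows at most 10 per evaluation.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
TERM_RE = re.compile(r"^[+\-~?]?([a-z][a-z0-9]*)(?:([:=/])(.*))?$", re.I)
DOMAIN_RE = re.compile(r"^([a-z0-9_]([a-z0-9_-]*[a-z0-9])?\.)+[a-z]{2,}\.?$", re.I)


def lint_spf(record):
    """Return a list of problems in one SPF TXT record; an empty list means clean."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must begin with v=spf1"]
    problems, lookups, seen_all = [], 0, False
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"unparseable term: {term}")
            continue
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3) or ""
        if seen_all:
            problems.append(f"term after 'all' is never evaluated: {term}")
        if name in DNS_TERMS and (sep == "=") == (name == "redirect"):
            lookups += 1
        if sep == "=":
            # Modifier (redirect=, exp=); receivers ignore unknown modifiers.
            if name in ("redirect", "exp") and not DOMAIN_RE.match(value):
                problems.append(f"bad domain in modifier: {term}")
        elif name not in MECHANISMS:
            problems.append(f"unknown mechanism: {term}")
        elif name == "include" and (sep != ":" or not DOMAIN_RE.match(value)):
            # Simplification: macro targets (%{...}) would be reported here too.
            problems.append(f"include target is not a domain name: {term}")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
                if sep != ":" or net.version != int(name[2]):
                    raise ValueError
            except ValueError:
                problems.append(f"bad address in {name}: {term}")
        elif name == "all":
            seen_all = True
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms exceeds the limit of 10")
    return problems
```

An empty list only means the record is well formed; whether a given host passes still depends on what the a, mx and include lookups return.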

Before and After

If you examine your email headers, you can see the impact of creating an SPF record. Here’s an email sent to a Gmail account before the record was added.

Received-Spf: neutral (google.com: 67.207.129.94 is neither permitted nor denied by best guess record for domain of info@webficient.com) client-ip=67.207.129.94;
Authentication-Results: mx.google.com; spf=neutral (google.com: 67.207.129.94 is neither permitted nor denied by best guess record for domain of info@webficient.com) smtp.mail=info@webficient.com

Now compare the headers with the SPF record in place:

Received-Spf: pass (google.com: domain of info@webficient.com designates 67.207.129.94 as permitted sender) client-ip=67.207.129.94;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of info@webficient.com designates 67.207.129.94 as permitted sender) smtp.mail=info@webficient.com
