Sender Policy Framework (SPF) tackles email address forgery. Without SPF it is very easy to send e-mails using someone else’s email address. Often you get spam from yourself – this is because the spammer puts your e-mail address as the sender.
In order for SPF to work you need to publish a list of IP addresses that are used to send e-mails to other users on the Internet. When you send an email to someone else on the Internet your SMTP server connects to the recipient’s SMTP server, which knows the IP address of your SMTP server. The recipient’s server can compare this IP with the published records in the DNS for your domain. This is how the recipient’s server can find out if the email was sent by your server or someone posing to be a user on your domain.
Does SPF stop spam?
SPF can stop spam to a certain extent. Although spammers can still send you unwanted e-mails, they will be forced to use their own domain. SPF can effectively stop viruses or worms from an infected machine that send out thousands of message to everyone found in your address book.
How do I publish my IP Addresses?
Follow the steps below to publish SPF records.
- Gather the list of IP addresses that you know can send email to the Internet from your organization
- Use this wizard to create an SPF entry for your DNS
- Update your DNS with the string created by the wizard
Once your DNS contains necessary SPF constructs, any server can query it to find out what IP addresses should your email come from.
For the purpose of this example let us assume the following is true:
|Your domain name is:||mydomain.com|
|Your e-mail is handled by: There are 2 MX records defined in the DNS||188.8.131.52 184.108.40.206|
|Your web address is: This refers to your A record||220.127.116.11 18.104.22.168|
|Other SMTP servers on your network:||22.214.171.124 126.96.36.199|
|No other servers are used to send out e-mails for “mydomain.com”|
You can enter the following SPF record, which is a TXT record in the DNS like:
"v=spf1 a mx ip4:188.8.131.52 ip4:184.108.40.206 -all"
This entry tells the recipients SMTP server that an email where the sender’s address contains “mydomain.com” can only come from certain IP addresses. If any other IP address is used to send message the recipient can reject it.
Each element in the SPF string is separated by a white space. The table below explains what each entry means.
|v=spf1||This is the version of SPF|
|a||Signifies that email can come from any IP address listed as an A record in the DNS|
|mx||Signifies that email can come from any IP address listed as an MX record in the DNS|
|ip4:220.127.116.11||Email can also come from these IP addresses|
|-all||This means that email can only come from these IP address. If any other IP address is used the recipient should reject it. Click here for other possible values for this field.|
This Document is provided by ITA Networks, home of your total email security solution Spam Marshall. Please visit www.itanetworks.com for more info.
You might also want to read the following related articles:
- Block Spam with Exchange 2003
- Block Spam with Exchange 2003 Intelligent Message Filter
- Block Spam with Outlook 2003
- Combating Spam in the Corporate Environment
- Download Exchange 2003 Intelligent Message Filter
- GFI MailEssentials for Exchange/SMTP – more info
- How to Post to Newsgroups Without Getting spammed?
- Red Earth Policy Patrol – more info
- Spam Marshall – More Info