| Adding an SPF record for your domain |
Article ID:521 |
SPF (Sender Policy Framework) is a method of verifying that the sender of an email message went through the appropriate email server when sending. As more and more companies add SPF information to their domain DNS records, this check will prevent spoofing at an increasing rate. To understand spoofing, please see this article: Spoofing, What is it and how can it affect me?
In short, an SPF record is a specific type of DNS record that identifies what servers are authorized to send mail for your domain. A brief example:
- domainA.com has an spf record authorizing mail1.domainA.com to send mail, and no other servers.
- 2 emails are sent:
- EMAIL 1: user1@domainA.com sends an email through his company's mail server, mail1.domainA.com... to recipient friend@domainZ.com.
- EMAIL2: a spammer sends an email from his own mail server, and he SPOOFS the sender address as "user1@domainA.com" to recipient friend@domainZ.com.
- Let's assume the service provider for domainZ.com does use SPF record checking... not all providers do, but many are adopting this.
- When the mail server for friend@domainZ.com gets the mail, it will lookup the SPF record for domainA.com:
- it will see EMAIL1 was from an authorized mail server, and accept it.
- it will see EMAIL2 was NOT from an authorized mail server, and REJECT it (or it can weight it more heavily as "likely spam" in it's spam scoring algorithms).
3Essentials does not include SPF records by default. This is because SPF has the potential to cause a domain's email to be blocked if set up incorrectly or if other mail servers your domain uses are omitted, and because our customers have different needs, some may need to send mail for their domain from email servers other than our own, we simply can't know what is the correct SPF record for a given customer... and we don't want to accidentally cause you to have mail blocked.
However, we DO strongly encourage customers to implement an SPF record for their domain... this will protect your domain from being spoofed, and help internet providers identify and fight spammers who utilize spoofing. Please contact us to help you define the proper SPF record for your domain hosted with us... we have a unique mail routing gateway system which will require certain entries in your SPF record. We are glad to help you define the proper SPF record, and implement it in your DNS for the domain... however it is you and your organization's responsibility to understand the full ramifications of implementing an SPF record, including the controversy surrounding SPF vs Sender ID, information detailed at www.openspf.org/SPF_vs_Sender_ID.
We encourage you to thoroughly review all information provided at http://www.openspf.org/ before you move forward with implementing SPF.
To implement an SPF record for your domain:
- Determine what your SPF record should be (again, please contact our support department to assist you to ensure that our mail gateway infrastructure is properly listed in your SPF record)
- if your DNS is hosted elsewhere, check with your DNS hosting provider for details on adding new DNS record to your DNS zone.
- if your DNS is hosted with 3Essentials, continue with the following:
- log into your control panel
- click your domain
- click on the DNS icon
- click on ADD new record
- add an TXT record with the SPF details.
|
| Downloads associated with this article: |
| No downloads associated with this article |
 Back
to Search or Browse |
