Have you ever wondered what SPFs are all about? If you think we’re talking about sunscreen, then you’ve come to the right place! In this article you’ll learn all about SPF records and how to implement them to make your life easier.
SPF is an acronym for Sender Policy Framework. Simply put, it’s a record that is added in the DNS for your domain, but it’s not like other commonly known records (A, PTR, MX, etc.). An SPF record is populated with a collection of IP addresses and MX and A records, and it can even include other IPs or domains.
What is SPF used for?
SPF is used to protect your server from receiving spoofed messages from spammers who pretend to be you in order to appear more credible as they try to get into the network.
How does SPF work?
When a server with SPF configured receives a message, it checks whether the IP address the connection is coming from is listed in the SPF record previously published in the DNS. It does this to validate your real identity. If the IP address is not listed, the message will be rejected (if SPF is configured with a hard fail) or accepted (if SPF is configured with a soft fail).
Here is how it should look when you perform an nslookup from your command prompt:
To further clarify these two examples:
domain1.com has a hard fail (-all) SPF record, so users in this domain are only allowed to send mail from the IP addresses mentioned, the IP of the MX record, and the IP of the A record, or they can use the SPF configuration for the domain “Another_domain.com”. In the end, if the IP address the sender is connecting from is listed in any of the above, the email is accepted; otherwise, it is rejected with a 550.
The domain2.com record in the example above works basically the same way as the domain1.com configuration, except that it also allows sending messages from the IP addresses of PTR records.
For more details on configuring SPF and the switches you can use, check out OpenSPF.
Will my server reject mail if the sender doesn’t have an SPF record?
The simple answer is no. When you set your server to check for SPF records, it does not require every sender to have one. The server is intelligent enough to differentiate between domains with SPF and those without, and it applies SPF rules only to domains that have SPF records configured.
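The check described under "How does SPF work?" and the no-record case above, as an added example that is not code from this article or from any mail server. The domains, records and addresses are constructed, DNS is replaced by inline tables, and only the ip4, a, mx, include and all mechanisms are modelled.

```python
import ipaddress

# Constructed DNS data (documentation address ranges) standing in for live lookups.
TXT = {
    "hard.example": "v=spf1 ip4:192.0.2.0/28 a mx include:partner.example -all",
    "soft.example": "v=spf1 ip4:192.0.2.0/28 ~all",
    "partner.example": "v=spf1 ip4:203.0.113.5 -all",
}
A = {"hard.example": ["198.51.100.10"], "mail.hard.example": ["198.51.100.25"]}
MX = {"hard.example": ["mail.hard.example"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def matches(mech, arg, ip, domain, depth):
    """Return True if the connecting IP satisfies one mechanism."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in A.get(arg or domain, [])
    if mech == "mx":
        return any(str(ip) in A.get(host, []) for host in MX.get(arg or domain, []))
    if mech == "include":
        # include matches only when the included policy itself returns pass
        return check_spf(str(ip), arg, depth + 1) == "pass"
    return False  # mechanisms not modelled here (ptr, exists, ip6) never match

def check_spf(client_ip, domain, depth=0):
    """Evaluate the sender domain's SPF record against the connecting IP."""
    record = TXT.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # no policy published: SPF gives no reason to reject
    if depth > 10:
        return "permerror"  # bound include recursion
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if matches(mech, arg, ip, domain, depth):
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"  # nothing matched and the record has no "all" term

def smtp_action(result):
    """Map the SPF result to the accept/reject behaviour the article describes."""
    return "550 reject" if result == "fail" else "accept"
```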
What is the benefit of adding an SPF record to my DNS records?
Having an email server without an SPF record will make your spam server receive tons of junk email and will impact system performance. Furthermore, if the messages are not quarantined, spammers will have the opportunity to use your server as a relay and send tons of spam to other servers. This is a problem because your server's IP address will likely end up being listed on Real Time Black List (RBL) servers.
Once you are on such a list, many of your legitimate emails will start getting rejected by other servers and this can cripple companies. To avoid this scenario, you will need to get in touch with individuals at the RBL and ask them to remove your IP from their list. From experience, I can tell you that this is NOT an easy task!
With an increase in security threats, we are challenged to seek more ways to secure our environment and apply the necessary tools to protect our information. Be proactive and configure the SPF record for your domain!