Alexander Conroy

Sender Policy Framework – Protect your E-mail from Spam with SPF

You don’t want your domain blacklisted from e-mails, right? You didn’t send all those spam messages! Someone just started sending e-mails from your domain without even having access to it! What to do?!

This is actually quite common. E-mail wasn’t set up with proper authentication when the SMTP protocols came out, which is why it is called the “Simple” Mail Transfer Protocol; it’s a shame that it is the standard. Recently Esotech has been getting tons of bounced e-mails that appear to come from our server, sent from random addresses that don’t even exist.

Most of our clients use Google Apps for their domains. Although this cuts back on being recognized as spam simply because of the Google MX records and CNAME, it is still advisable to add an SPF record to your DNS. That way, when your domain comes up next on the list of spammer targets, e-mail servers and blacklists worldwide have a chance to look up your domain and see whether you really sent that mail. Yoast has a really good article on why you should be using SPF for your domain, how to do it, and how to test it.

There are a couple of details left out, one being very important: you should not have more than one SPF record. Most domains allow more than one, but this can screw up your settings. SPF records go either in your DNS’s SPF section, or in the TXT section if the SPF section doesn’t exist. The name of the record doesn’t matter, only the value.

The second detail is that if you have multiple domains that can send e-mail on your behalf, you need to list them all in the same record. The key here is the “include:” tag. You can put as many includes as you want, as long as each one is followed directly by the domain you want to allow and is separated from any other includes by a space; just list them. Also, putting an “a” in the record is important, as Yoast mentions, so that your web server, or any IP that is listed in your A records, can also send mail. Be careful with this if you have an A record pointing to a dubious IP address.

Below is an example of Esotech’s SPF record. It allows three things to send e-mails on our behalf: all A record IPs, Google Apps, and Zendesk. When an e-mail provider looks us up, it knows what’s us and what’s not.

v=spf1 a include:_spf.google.com include:support.zendesk.com ~all

I named my record “GmailZendesk”, just so I know what I have listed.
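
An added example, not from the original post: a small offline linter for the two details above (one SPF record only, every sender listed in it), run against the Esotech record. It also counts DNS-querying terms, since RFC 7208 caps those at 10 per check; the function name and the sample inputs other than the Esotech record are constructed for illustration.

```python
# Added example (not from the original post). Lints the TXT strings published
# at one domain name; sample inputs other than PAGE_RECORD are constructed.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS query
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per SPF check

PAGE_RECORD = "v=spf1 a include:_spf.google.com include:support.zendesk.com ~all"


def lint_spf(txt_records):
    """Return (top_level_lookups, problems) for the TXT strings at a domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return 0, ["no SPF record published"]
    if len(spf) > 1:
        return 0, [f"{len(spf)} SPF records found; receivers return permerror"]

    problems, lookups, all_qualifier, redirected = [], 0, None, False
    for term in spf[0].split()[1:]:
        if term.lower().startswith("redirect="):
            lookups, redirected = lookups + 1, True
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?").lower()
        name = body.split(":", 1)[0].split("/", 1)[0]
        if name in LOOKUP_MECHS:
            lookups += 1
            if name == "include" and ":" not in body:
                problems.append(f"include without a domain: {term}")
        elif name == "all":
            all_qualifier = qualifier
    # Records pulled in by include/redirect add their own lookups on top of this.
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-querying terms exceed the limit of {MAX_LOOKUPS}")
    if all_qualifier == "+":
        problems.append("+all authorizes every sender")
    elif all_qualifier is None and not redirected:
        problems.append("no 'all' term; unlisted senders get a neutral result")
    return lookups, problems


if __name__ == "__main__":
    split_in_two = ["v=spf1 a include:_spf.google.com ~all",
                    "v=spf1 include:support.zendesk.com ~all"]  # constructed
    for records in ([PAGE_RECORD], split_in_two):
        print(records, "->", lint_spf(records))
```

The lookup count covers only the terms in the record itself; each included domain's own record adds to the total a receiver actually performs.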

Good luck keeping your servers spam free! Happy E-mailing!