Atown Inconsequential
Sometimes IT related sometimes just personal

Tuesday, April 24, 2007

Gots To Get Yoself an SPF

Admins know the battle against unsolicited mail is hard-fought and never ending! Spammers always seem to be a step ahead, changing their methods as soon as a solution is found. Lately, the company I work for has been receiving a lot of emails supposedly from itself. These messages are definitely spam, usually containing some crap about Viagra, but they were bypassing our filter. After researching a bit, I found the solution in SPF.

Publishing an SPF record allows you to specify which machines can send mail from a given domain. Let's say example1.com is sending a message and example2.com is receiving it. When example2.com gets the message, it checks example1.com's SPF record to see if the sending server's IP is listed as OK to send. If it is, the message gets a PASS and is delivered. When a message originates from an IP that is not listed, it gets a FAIL and can be rejected or sent through additional filters.

Creating an SPF record for yourself should be relatively easy, but it does depend on your network setup and how many mail servers are present. If you don't have control over your DNS, you may have to ask your ISP to make this change for you. I manage a small, single-domain network with one mail server, so my record was pretty simple.

"v=spf1 mx -all"

This simple record says that the MX servers for my domain can send mail. All messages that can't pass this check receive a FAIL and are rejected.

Be careful: the syntax of the various mechanisms is very important. Simply putting a ~ instead of - in front of the "all" resulted in our server accepting messages that had failed the check.
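To see why that one character matters, here is an added example (not part of the original post) that evaluates a small subset of SPF, just `mx`, `ip4` and `all`, against the record above. The DNS data, the IP addresses and the `receiver_action` policy are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed DNS data for illustration (documentation address ranges).
MX_HOSTS = {"example1.com": ["mail.example1.com"]}
A_RECORDS = {"mail.example1.com": ["192.0.2.25"]}

# Qualifier in front of a mechanism -> result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip, domain):
    """Evaluate a subset of SPF (mx, ip4, all) and return the result name."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF version 1 record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        # A missing qualifier defaults to "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "mx":
            # Match if the sender IP belongs to any MX host of the domain.
            hosts = MX_HOSTS.get(arg or domain, [])
            matched = any(str(ip) in A_RECORDS.get(h, []) for h in hosts)
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # term outside the subset this sketch handles
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"  # nothing matched and the record has no "all" term


def receiver_action(result):
    """Assumed receiver policy: reject only a hard fail, accept the rest."""
    return "reject" if result == "fail" else "accept"


if __name__ == "__main__":
    spoofer = "203.0.113.9"  # constructed address that is not an MX host
    for rec in ("v=spf1 mx -all", "v=spf1 mx ~all"):
        result = evaluate_spf(rec, spoofer, "example1.com")
        print(f"{rec!r}: {result} -> {receiver_action(result)}")
```

With `-all` the unlisted sender gets a fail and is rejected; with `~all` the same sender gets only a softfail, which a receiver applying this policy still accepts.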

Creating an SPF record is an important step in the battle against spoofed mail. There are some great resources on the Web that can walk you through creating an SPF record or even generate it for you. Check out the Sender Policy Framework site for information and an easy-to-use wizard. Several ways to test records exist, though I found the one located here simplest to use.
