SPF - fighting address forgery
SPF stands for Sender Policy Framework, and the official website is
www.openspf.org. SPF allows you
publish a list of servers that are allowed to send mail from your domain,
which makes it easier for mail servers around the Internet to know when
someone is forging email addresses from your domain.
OK, how do I setup SPF?
Assuming you are a BareMetal hosting client, you need to work with us
(otherwise you need to work with your service provider). Telling
firstname.lastname@example.org that you want to setup SPF is the obvious
starting point :).
We need to know what the legitimate sources of mail with return
addresses at your domain are. In the simplest case, this will be
the BareMetal web-server hosting your account. In more complex cases
you may have staff members that use their ISP's SMTP server, or
even have suppliers that send messages in your name. If some
sources are left out, it becomes much more likely that messages sent
from these sources will be trapped and lost in SPAM filters.
(Remember that is the whole point of SPF!)
That really is about all there is to say. The openspf.org website
hosts the wizard that BareMetal staff will use to create a TXT record for
your domain and then load into our DNS servers.
Does it work?
That depends a little on how you define "work". It is not very effective
at blocking spam, as the spammers are better at working with SPF
than most ISPs seem to be. They often buy their own domains and setup
legit SPF records. However, it is quite effective at stopping spammers
from forging mail with addresses inside of your domain. This is known
as a "joe job". See the
What does it look like?
We add a record like this to the "zone" file for your domain:
@ IN TXT "v=spf1 a mx a:qmail.baremetal.com a:bounces.baremetal.com -all"
... with modifications if you use another service providers SMTP server.