SPF - fighting address forgery

SPF stands for Sender Policy Framework, and the official website is www.openspf.org. SPF allows you publish a list of servers that are allowed to send mail from your domain, which makes it easier for mail servers around the Internet to know when someone is forging email addresses from your domain.

OK, how do I setup SPF?

Assuming you are a BareMetal hosting client, you need to work with us (otherwise you need to work with your service provider). Telling support@baremetal.com that you want to setup SPF is the obvious starting point :).

We need to know what the legitimate sources of mail with return addresses at your domain are. In the simplest case, this will be the BareMetal web-server hosting your account. In more complex cases you may have staff members that use their ISP's SMTP server, or even have suppliers that send messages in your name. If some sources are left out, it becomes much more likely that messages sent from these sources will be trapped and lost in SPAM filters. (Remember that is the whole point of SPF!)

That really is about all there is to say. The openspf.org website hosts the wizard that BareMetal staff will use to create a TXT record for your domain and then load into our DNS servers.

Does it work?

That depends a little on how you define "work". It is not very effective at blocking spam, as the spammers are better at working with SPF than most ISPs seem to be. They often buy their own domains and setup legit SPF records. However, it is quite effective at stopping spammers from forging mail with addresses inside of your domain. This is known as a "joe job". See the jargon file.

What does it look like?

We add a record like this to the "zone" file for your domain:

@ IN TXT "v=spf1 a mx a:qmail.baremetal.com a:bounces.baremetal.com -all"