Go4Expert - Understanding and Using SPF

SPF or Sender Policy Framework is a system created to prevent e-mail spam & e-mail spoofing. It does so by verifying the sender's IP address is a authorized one for the domain the mail is originating from. SPF requires domain admins to add DNS TXT or SPF records specifying hosts/IPs allowed to send mails for the domain. MX servers check with these records to identify spoof/spam mails.

SPF records are specially formatted text which can easily be parsed by mail exchange servers (MX servers), though there have been debates regarding the nature of TXT records which should be free text without any formatting, as a result a new record type SPF (DNS type 99) was created.

An example SPF record would look like this:

Code:

go4expert.com.          38400   IN      TXT     "v=spf1 a mx  a:go4expert.com ip4:184.173.115.98 ip4:50.97.168.100  include:aspmx.googlemail.com ?all"

Let's dissect the SPF record above to understand what it means, except for v= everything else is called mechanism. v= tells what version of SPF is being used.

a will match and allow the IP as in the domain's A record.
mx will allow all IPs of the domain's MX records.
ip4 you can specify individual IPs or mask.
include this is used to include SPF of another domain.
all represents all addresses, now you can negate/allow/treat neutral using -/+/? characters before 'all'.

You can create SPF records using the Microsoft's SPF creator wizard at (http://www.microsoft.com/mscorp/safe...nderid/wizard/) or you can type it out manually. Then you can use http://www.kitterman.com/spf/validate.html to validate your domains SPF records.

I would recommend everyone to create SPF records as this prevents email address spoofing. For further reading I would suggest you to visit http://www.openspf.org