On 11/11/2010 9:11 AM, Jeremy Van Rooyen wrote: > Can anybody explain to me how to do this and how would I be able to > test it?
Jeremy, I really like to use the following wizard to generate my SPF strings: http://www.openspf.org/ Scroll down to the section that says "Deploying SPF", enter the domain name, and click "GO". Then, on the next page, fine tune the answers to the various questions before submitting the info to generate your SPF string. Finally, go into your DNS server and, for that domain, add that string as a TXT record. Keep in mind that, within the SPF record, you'll need to account for ALL IPs (or blocks of IPs) which are valid IPs for sending mail from that domain. Additionally, you are "stuck" in a precarious situation. If you don't specify "~all" (saying that the sending IPs/host you specified are the ONLY valid ways that mail should ever be sent from your domain), then... without being that strict, your SPF record probably won't have enought "teeth" to fix your spoofing problem. However, if you are that strict... and one of your users tries to send from an IP or host you didn't include in the SPF record (such as a user sending from a blackberry, but using their company e-mail address as the "from" address)... then you put these types of your own user's message at high risk of getting blocked by other peoples spam filters. For this reason, I generally try to only use such strict settings in extreme cases of spoofing. NOTE: When you say "spoofing", I assume you really mean a Joe Job--where a spammer is forging your users' e-mail addresses as the "from" address in their spams, correct? If yes, a strict SPF record can get the spammer to back of and go elsewhere. If something else, this might not help you? -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
