Skip navigation

Currently Being Moderated

Sender Policy Framework (SPF) - Document addressed only for customers that are NOT using Business Catalyst as hosting provider

Apr 3, 2013 10:04 AM

SPF General Overview:

 

SPF also known as Sender Policy Framework is a protocol that help you controlling forged e-mail. SPF is not directly about stopping spam, junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't. While not all spam is forged, virtually all forgeries are spam. SPF is not anti-spam in the same way that flour is not food: it is part of the solution.

 

If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, since the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Since an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through.

 

How it works:

 

Let's say a spammer forges a yahoo.com address and tries to spam you. They connect from somewhere other than Yahoo.

 

When his message is sent, you see MAIL FROM: <forged_address@yahoo.com>, but you don't have to take his word for it. You can ask Yahoo if the IP address comes from their network.

 

(In this example) Yahoo publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Yahoo.

If Yahoo says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

 

This is definitely something that I want so what should I do next to have this in place?

 

Since you are not using Business Catalyst's hosting service you need to go to your hosting provider and create the following record:

 

Record name should be something like @(or enter the non-WWW domain) to map the record directly to your domain name

Record type should be TXT

Record value should be v=spf1 mx include:worldsecuresystems.com ~all

Record TTL should be 1 day (86400 seconds) - TTL represents how long the server should cache the information.

 

You have below links on how to add TXT records from some of the biggest hosting providers:

 

GoDaddy - http://support.godaddy.com/help/article/7925/adding-or-editing-txt-rec ords

HOSTGATOR - https://support.hostgator.com/articles/specialized-help/email/problems -with-spoof-spf

BLUEHOST - https://my.bluehost.com/cgi/help/559

JUST HOST - https://my.justhost.com/cgi/help/559

 
Comments (4)