SPF and DNS configuration

I recommend that you create a Sender Policy Framework (SPF) record for your domain. An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain.SPF configuration

The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

You can also lookup and test your SPF settings here.

So how do you add a SPF record to your domain. Well that is easy. A SPF record is nothing more than a TXT record in your DNS administration.

For a mail server the following DNS entries are defined:

SPF record in DNS

As you can see there is a SPF record on the subdomain mail. A mail server that is receiving email from your domain retrieves the SPF record for your domain and verifies that the sending IP is auhtorized (by the SPF record) for this action.

The headers below of an email message show a domain without a SPF record:

x-store-info:w5JOV+GpEg16Hd3Liu8PdV6w7ot2s5vN
Authentication-Results: hotmail.com; spf=none (sender IP is 149.210.153.91) smtp.mailfrom=pkn-bnn-iw@mail.bjdejong.nl; dkim=none header.d=example.nl; x-hmca=none header.id=example@example.nl
X-SID-PRA: example@example.nl
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MjtHRD0xO1NDTD0z
X-Message-Info: /3z5fcrqMMUC9h0cjR+uvxBFbZLKdSdtWqbr6MInznDp3iFPY3dfZtYCX/McjjMtj/elcEu8E8GWPTQfME0U8yM95EcDOlBGfpGY3FVu+zhLC/YR0apj5gaojeU+XWKSFMn5xpzk3h7mi1Zrgx5MoCPw09osDoKH5afXmmKDtnxMmXlqQKv2juplilatuJpfG2/eYbQkFt2x+JC9NXiXJelaZ42f/aaw0S73pWX0oijyKeKhtLa1cA==
Received: from mail.bjdejong.nl ([149.210.153.91]) by COL004-MC4F4.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
	 Fri, 11 Dec 2015 03:05:49 -0800
Received: by mail.bjdejong.nl (Postfix, from userid 1053)
	id 2D6A93C2F6B; Fri, 11 Dec 2015 12:05:40 +0100 (CET)
To: berendjdejong@gmail.com, berendjdejong@hotmail.com
Subject: Your subject goes here
X-PHP-Originating-Script: 1053:class-phpmailer.php
Date: Fri, 11 Dec 2015 11:05:40 +0000
From: example <example@example.nl>
Message-ID: <421364d92aacfc35ba32861d8d20d90a@pkn-bnn-iw.nl>
X-Priority: 3
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
Reply-To: <example@example.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Return-Path: pkn-bnn-iw@mail.bjdejong.nl
X-OriginalArrivalTime: 11 Dec 2015 11:05:49.0453 (UTC) FILETIME=[E48E43D0:01D13403]

Message contents

As you can see there is no SPF record defined. You can verify this with the host command:

host -t txt mail.bjdejong.nl

Now after adding an SPF record to the domain and sending a new message (wait a while for the changes to take effect in the global DNS systems) headers are as shown below (send to a hotmail account):

x-store-info:w5JOV+GpEg16Hd3Liu8PdV6w7ot2s5vN
Authentication-Results: hotmail.com; spf=pass (sender IP is 149.210.153.91) smtp.mailfrom=example@mail.bjdejong.nl; dkim=none header.d=example.nl; x-hmca=none header.id=example@example.nl
X-SID-PRA: example@example.nl
X-AUTH-Result: NONE
X-SID-Result: NONE
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MjtHRD0xO1NDTD0z
X-Message-Info: /3z5fcrqMMUC9h0cjR+uvxBFbZLKdSdtWqbr6MInznDp3iFPY3dfZtYCX/McjjMtj/elcEu8E8GWPTQfME0U8yM95EcDOlBGfpGY3FVu+zhLC/YR0apj5gaojeU+XWKSFMn5xpzk3h7mi1Zrgx5MoCPw09osDoKH5afXmmKDtnxMmXlqQKv2juplilatuJpfG2/eYbQkFt2x+JC9NXiXJelaZ42f/aaw0S73pWX0oijyKeKhtLa1cA==
Received: from mail.bjdejong.nl ([149.210.153.91]) by COL004-MC4F4.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
	 Fri, 11 Dec 2015 03:05:49 -0800
Received: by mail.bjdejong.nl (Postfix, from userid 1053)
	id 2D6A93C2F6B; Fri, 11 Dec 2015 12:05:40 +0100 (CET)
To: berendjdejong@gmail.com, berendjdejong@hotmail.com
Subject: Your subject goes here
X-PHP-Originating-Script: 1053:class-phpmailer.php
Date: Fri, 11 Dec 2015 11:05:40 +0000
From: example <example@example.nl>
Message-ID: <421364d92aacfc35ba32861d8d20d90a@pkn-bnn-iw.nl>
X-Priority: 3
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
Reply-To: <example@example.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Return-Path: example@mail.bjdejong.nl
X-OriginalArrivalTime: 11 Dec 2015 11:05:49.0453 (UTC) FILETIME=[E48E43D0:01D13403]

Message contents

The SPF check is now passed. Also the output of the host -t txt mail.bjdejong.nl command  should now give you the TXT SPF record.

Also be sure to edit your /etc/mailname  to reflect the name of your server on an Ubuntu distribution.

Share

Leave a Reply

Your email address will not be published.