
Help Stop Spammers From Spoofing With Your Domain


Mike Gibbs


A simple-to-implement method to help protect your domain from email spoofing is to set up a Sender Policy Framework (SPF) record.

When an email is received from your domain, the system would have the ability to check the SPF record on your DNS to see if the email came from a trusted source.

For example, for a Google-hosted domain name you would add a TXT record containing:

v=spf1 include:_spf.google.com ~all

Note: ~all is not the same as -all

An example email header before an SPF record existed would look like:

Received: from mail-pw0-f46.google.com (mail-pw0-f46.google.com [209.85.160.46])
        by mx.google.com with ESMTPS id c3si23440902ict.140.2011.06.21.14.25.35
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 21 Jun 2011 14:25:35 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.160.46 is neither permitted nor denied by best guess record for domain of emailaddress@nexidyne.com) client-ip=209.85.160.46;
Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.160.46 is neither permitted nor denied by best guess record for domain of emailaddress@nexidyne.com) smtp.mail=emailaddress@nexidyne.com

After an SPF record has been added, the header would look like:

Received: from mail-iy0-f174.google.com (mail-iy0-f174.google.com [209.85.210.174])
        by mx.google.com with ESMTPS id bi3si3658024icb.148.2012.02.15.12.56.14
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 15 Feb 2012 12:56:15 -0800 (PST)
Received-SPF: pass (google.com: domain of emailaddress@nexidyne.com designates 209.85.210.174 as permitted sender) client-ip=209.85.210.174;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of emailaddress@nexidyne.com designates 209.85.210.174 as permitted sender) smtp.mail=emailaddress@nexidyne.com

For other email servers, for example Dreamhost (http://wiki.dreamhost.com/SPF), you can add something like:

v=spf1 ip4:64.111.100.0/24 ip4:66.33.201.0/24 ip4:66.33.216.0/24 ip4:208.97.132.0/24 ip4:208.97.187.0/24 ip4:208.113.200.0/24 ip4:208.113.244.0/24 ip4:208.113.175.0/24 mx -all

You can check to see if you have this record by issuing the *nix command nslookup -query=any domainname.ext


That's what I use in my domain, SPF to prevent spammers from taking over my mail server. It's a very nice security feature that allows a system administrator to whitelist domains, and only those approved domains are allowed to send emails through.


  • 2 weeks later...

I would also recommend having your hosting provider set up a proper PTR record and set up domain keys. Also, for added security, enable an authentication requirement even for local host sending out, so that if your machine gets exploited it isn't as easy for them to get your IP address blacklisted.

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

is also a great generator for setting up your SPF record. It's like SPF for dummies.

Edited by Batmonkey
