.:: What is an SPF record for a domain? ::.

[tuXian]

Heard about various resource records for a domain name but whats this SPF record? Is it some kinda new resource record??

I saw this somewhere on the net :

01 Oct 2004 was the target date for domains to have SPF records in place.

What is this SPF record? What does it do?? How to add it.???

May be a DNS Zone editor will be required?!

Plz lemme know asap

 

[enoonmai]

SPF is the Sender Policy Framework and was required for a domains and its mail servers to validate legit/ illegitimate sources of email. It was proposed at pobox.com and is being pushed as the IETF standard.

The purpose of existence of the SPF record is to allow a receiving MTA (Message Transfer Agent) to query the nameserver of the domain which appears in the email (the sender) and determine if the originating IP of the mail (the source) is authorized to send mail for the sender's domain, which is of course, as you'd have gathered by now, a way to prevent spamming, phishing, etc.

You can configure SPF for your domain through the SPF wizard at

*spf.pobox.com/wizard.html

and at

*spftools.infinitepenguins.net/create.php

 

[tuXian]

thanks for the info? Looks to be a great thing.
But are there any negative effects of implementing it?

 

[enoonmai]

Not that I know of, plus you don't really have an option. Comply with it, and you will kill the chance of any mails being spoofed from your domain. As far as I know, a lot of people have domains that are SPF compliant, plus its just adding a single line of text to your DNS entry, so what the heck? If it makes my domain look good and save it from spammers, heck,yeah sure, why not? As long as its a reverse MX lookup and it can prevent UCEs spoofing addresses on my domain. Plus, you can put this logo to certify your site complies with the SPF/SenderID specs.

*www.msexchange.org/img/upl/image0041096537347243.gif

It'll at least put your users' faith in you. So you see, while it is still optional, and you will only be prompted with warnings, its still a good idea.

 

[tuXian]

Ok thanks

But Im using Bigmailbox service at my site to provide email to users. So my MX record points to them. I think this is making matters a bit complicated. I cant ask them to do it for me.

 

[enoonmai]

Then just go ahead and just ignore the warning. Its mostly for people who conduct business transactions online and dont want their reputations getting damaged. Plus, they have to pay for bandwidth when a user sends a mail to the domain's postmaster about the spam. If it's nothing important and its just a personal/info site, go ahead and just ignore the SPF records warning.

 

[tuXian]

ok! thanks

BTW any idea about its sucess rate??

 

[enoonmai]

So far, only 8000 domains are SPF compliant, so there's no reliable data. But it seems to be working. Its becoming harder to spoof mail IDs from the domains that are registered with the Microsoft CallerID (SenderID) for email, which is a major part of SPF. Until more domains jump on, it will be harder to say. As you know, this is just *one* of the methods proposed to cut the UCEs. Yahoo! as you're probably aware is pushing DomainKeys, so there's no clear indication yet. We should know for certain by the end of the year, I think.

 

[tuXian]

Thanks for all that enlightment

 

[enoonmai]

Anytime! Glad to help out a fellow Linux fan!