
Playing with SPF

Have you ever received spam that appeared to come from yourself or from someone else at the same domain name? Well, I have. It seems to be a new trend for spam or viruses to arrive from an address almost identical to the one you use.

But why is that? The answer is simple: whitelisting. When you filter spam coming to your inbox, it is common practice to whitelist your own email address or your organisation's domain so that it is never unintentionally classified as spam. This works well with Bayesian filters and the like, but a message with a forged sender address in the whitelisted domain gets through the filter too.

So what is the solution to this common problem? It is quite simple and it is called SPF, or Sender Policy Framework. Basically, a sysadmin publishes an SPF record stating which servers are allowed to send mail for the domain.

To keep deployment trivial, the SPF record is published in DNS as a TXT record. Publishing SPF therefore involves no other software, which is great when new software needs approval.

How does the TXT record look? Taken from tamec.com's domain on DNS using dig:

"v=spf1 ip4:209.148.xx.128/25 mx a:somehost.tamec.com"

This line lists the machines that may send email claiming an @tamec.com address. In order:

  • Machines from 209.148.xx.128 to 209.148.xx.255
  • The machines named in the domain's MX records
  • The machine somehost.tamec.com
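
To show how a receiving server reads such a record, here is an added example (not code from the original post) that evaluates a connecting IP against a record of the same shape. The record, the `example.org` names, the documentation-range addresses and the `DNS` table standing in for live lookups are all constructed, and `check_spf` and `a_addrs` are hypothetical helpers that handle only `ip4`, `a`, `mx` and `all`.

```python
import ipaddress

# Constructed DNS data (assumption): replaces live MX/A lookups so this runs offline.
DNS = {
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["198.51.100.10"],
    ("somehost.example.org", "A"): ["203.0.113.7"],
}

# Constructed record with the same three mechanisms as the one quoted above.
RECORD = "v=spf1 ip4:192.0.2.128/25 mx a:somehost.example.org"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def a_addrs(host):
    """Addresses from the constructed A records for host."""
    return [ipaddress.ip_address(a) for a in DNS.get((host, "A"), [])]


def check_spf(record, sender_ip, domain):
    """Return the SPF result for sender_ip sending as domain."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # mechanisms are evaluated left to right
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in a_addrs(arg or domain)
        elif name == "mx":
            hosts = DNS.get((arg or domain, "MX"), [])
            matched = any(ip in a_addrs(h) for h in hosts)
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism not handled by this example
        if matched:
            return QUALIFIERS[qualifier]  # first match decides the result
    return "neutral"  # nothing matched and no "all" term (RFC 7208 default)
```

Because the quoted record has no `all` term, a sender that matches nothing gets `neutral` rather than `fail`; ending the record with `-all` is what tells receivers to treat unlisted senders as unauthorized.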

Many other mechanisms are currently recognized, and you should consult the website if you want to create an SPF record.

Once SPF is published, you are ready to filter mail based on records of other hosts. If you Google a little, you should be able to find the setup needed for your favorite MTA (mine is Exim or Sendmail, it depends). Since I have not done that part yet, I cannot comment on the matter ;)

