Stop People Sending Mail as YOU!

by Mike on January 27, 2009 · 1 comment

in Postfix Mail Server

Creating Sender Policy Framework Records

Sender Policy Framework (SPF) SPF provides a way for SMTP servers to check to see if the mail is from your server. This disables the ability of spammers to spoof your email to say it is from you because the SPF verifies that it is from your server only. This is a needed implementation to protect your domain because it tries to eliminate return-path address forgery and identify spoofs. The ~all safeguards that your mail will not be rejected. Once you think that everything is right you can change it to -all which will turn on full functionality.

SPF works with the envelope sender address or what is known as the return-path that is used in case the email cannot be delivered.  SPF allows the owner of a domain to determine who is allowed to send email as that domain.

The problem with not implementing SPF is that other individuals can act as if they are you.

Validate Your SPF Records
This website provides a way for you to view and validate yoru current SPF records.

The Validator can do several things.
The Validator will look to see if you have SPF records and then return how they are set up. The second option allows you to enter your domain and the SPF settings that you have in order to validate how they are used.
v=spf1 a mx a: -all

SPF Wizard
The SPF Wizard is a tool you can use to set up SPF records if you do not understand what to do.  The website is here:

There are several things you need to know about your domain.  You will need to know the address of your server (a) and whether you send email from that server.  You will need to know what mail server you use and the FQDN of that server (mx).  If there is any other server that may send mail for your domain you will need that information as well.  When you enter that information and click continue you will get results that you can place with your MX records for your domain.

“v=spf1 a mx ~all”

This record shows that the server at is allowed to send mail for your domain.  Mail will not be able to be sent from other domains, or other mail server acting like they are your organization.

Here is an example of the interface.

{ 1 comment }

Mike Sandman January 29, 2009 at 2:30 pm

I will appreciate more info on this.

Previous post:

Next post: