I work for a small business and outsourced our email hosting to Google. However, I noticed that spammers are using our From: First Last
You must create a Sender Policy Framework (SPF) record for every domain you use to send email. An SPF record identifies which mail servers are permitted to send email on behalf of your domain. It is used to prevent spammers from sending messages with forged From addresses at your domain, such as firstname.lastname@example.org, where foo is not a valid username. In this example, spammers use email@example.com to send spam to firstname.lastname@example.org. When my mail server receives a message from email@example.com, it checks the SPF record for example.com to find out whether the message is valid. If the message comes from a server other than the mail servers listed in the SPF record, then my mail server can reject it as spam or mark it as spam.
nixcraft.com can send email using ALL of the following servers:
- Google Apps mail server (MX records point to): nixcraft.com.s7b1.psmtp.com., nixcraft.com.s7b2.psmtp.com., nixcraft.com.s7a1.psmtp.com., nixcraft.com.s7a2.psmtp.com.
- server1.nixcraft.com w/ local sendmail: 184.108.40.206
- server2.nixcraft.com w/ local sendmail: 220.127.116.11
- server3.nixcraft.com w/ local sendmail: 18.104.22.168
Consider the following examples:
$ host -t mx nixcraft.com
nixcraft.com mail is handled by 4 nixcraft.com.s7b2.psmtp.com.
nixcraft.com mail is handled by 1 nixcraft.com.s7a1.psmtp.com.
nixcraft.com mail is handled by 2 nixcraft.com.s7a2.psmtp.com.
nixcraft.com mail is handled by 3 nixcraft.com.s7b1.psmtp.com.
The four MX servers above receive mail for the nixcraft.com domain. All of them are managed by Google Apps. However, nixcraft.com also has 3 KVM-based VPS servers that host its website. Those 3 nodes also send emails to its customers or users. You need to add them to your list too:
Finally, its public IP address may also send email to its customers or users:
$ host nixcraft.com
How Do I Build a SPF Record for nixcraft.com?
You need to add the entry as follows in nixcraft.com zone file (BIND 9 syntax):
@ 3600 IN TXT "v=spf1 a mx ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 include:_spf.google.com ~all"
If you are using djbdns, enter:
'nixcraft.com:v=spf1 ip4\072184.108.40.206 ip4\072220.127.116.11 ip4\07218.104.22.168 a mx include\072_spf.google.com ~all:3600
'nixcraft.com.s7a1.psmtp.com:v=spf1 a -all:3600
'nixcraft.com.s7a2.psmtp.com:v=spf1 a -all:3600
'nixcraft.com.s7b1.psmtp.com:v=spf1 a -all:3600
'nixcraft.com.s7b2.psmtp.com:v=spf1 a -all:3600
's7a1.psmtp.com:v=spf1 a -all:3600
's7a2.psmtp.com:v=spf1 a -all:3600
's7b1.psmtp.com:v=spf1 a -all:3600
's7b2.psmtp.com:v=spf1 a -all:3600
- @ : Domain name i.e. nixcraft.com.
- 3600 : TTL for the domain record.
- IN TXT "v=spf1 : Start an SPF record.
- a : nixcraft.com's IP address is 22.214.171.124 which is allowed to send mail from nixcraft.com.
- mx : The *.psmtp.com. servers are allowed to send mail from nixcraft.com.
- ip4:126.96.36.199 : 188.8.131.52 is allowed to send mail from nixcraft.com.
- ip4:184.108.40.206 : 220.127.116.11 is allowed to send mail from nixcraft.com.
- ip4:18.104.22.168 : 22.214.171.124 is allowed to send mail from nixcraft.com.
- include:_spf.google.com : Servers listed in the SPF record of _spf.google.com (which includes a large number of Google Apps servers) are also allowed to send mail from nixcraft.com.
- ~all : Messages that are not sent from an approved server should still be accepted but may be subjected to greater scrutiny or spam check.
Finally, reload your BIND 9 named (don't forget to increase the zone's serial number):
# /etc/init.d/named reload
How Do I Verify My SPF Records?
Type the following command:
$ dig txt nixcraft.com
$ host -t txt nixcraft.com
nixcraft.com descriptive text "v=spf1 a mx ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 include:_spf.google.com ~all"
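How a receiving mail server evaluates a record of this shape against a connecting IP, as an added example that is not part of the original article. The DNS data is constructed (example.com, _spf.example.net and the documentation-range addresses are assumptions), and only the a, mx, ip4, include and all terms used above are handled.

```python
import ipaddress

# Constructed offline stand-in for DNS (assumption: documentation-range
# addresses, not the real nixcraft.com or Google data).
SPF_TXT = {
    "example.com": "v=spf1 a mx ip4:192.0.2.10 ip4:192.0.2.11 "
                   "include:_spf.example.net ~all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
A_RECORDS = {"example.com": ["192.0.2.1"]}
MX_IPS = {"example.com": ["203.0.113.25", "203.0.113.26"]}  # MX hosts resolved to IPs

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate sender_ip against the SPF record published for domain."""
    if depth > 10:  # guard against include loops
        return "permerror"
    record = SPF_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # terms are tested left to right
        qualifier = term[0] if term[0] in RESULTS else "+"  # default is "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = str(ip) in A_RECORDS.get(arg or domain, [])
        elif name == "mx":
            matched = str(ip) in MX_IPS.get(arg or domain, [])
        elif name == "include":
            # include matches only when the included record returns "pass";
            # its own "-all" does not fail the outer record.
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            return "permerror"  # term outside the subset handled here
        if matched:
            return RESULTS[qualifier]  # first matching term decides
    return "neutral"  # nothing matched and the record has no "all" term
```

With `~all`, a server that is not listed gets `softfail` rather than `fail`, which is why the receiving side accepts the message but may subject it to extra spam checks.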