DNS SPF Record to Reduce Rejection Rate of Your E-Mail

E-mail (and internet) was invented long time ago with the assumption only very few people will do evil, but it’s not the case nowadays. It is possible to send e-mail to anyone posing as anyone else (ie: if you own the domain apple.com, you can send email as banana.com).

SPF stands for Sender Policy Framework. Long story short, it is set on the DNS zone record to configure What host is allowed to send email as your domain

Testing If Your Domain Is Setup Properly

The openspf website has list of tools you can use to check if your domain already has SPF setup properly. For example:

  1. Go to http://www.openspf.org/Why
  2. Enter the email address you’re sending as on MAIL FROM field and your smtp server under Sender's IP address (eg: smtp.apple.com)
  3. The tool was originally designed to debug rejection.. so although it passes it will say “your mail server rejected a message because”. If you read further, if your SPF record was correct it should say The domain mycompany.com has authorized to send mail on its behalf, so the message should have been accepted. It is impossible for us to say why it was rejected., whereas if it’s incorrect it will say The domain mycompany.com has not published an SPF policy. It is possible that the receiving mail server refuses all mail from domains that do not have an SPF policy.

Configuring SPF Record on Your DNS Zone

This can be done on your domain hosting. Add following DNS record to you domain name (eg: mycompany.com)

v=spf1 a mx ?all

This syntax basically says:

  1. Authorize the IP specified by A record as outbound mailer
  2. Authorize the IP specified by MX record as outbound mailer
  3. Mark everything else as Neutral

More Examples

Further Reading

Advertisements

One thought on “DNS SPF Record to Reduce Rejection Rate of Your E-Mail

  1. Pingback: hMailServer for Outbound Only SMTP Server | Otherwise I'll Forget

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s