Three steps to assist with preventing domain mail spoofing:
- Assess and gather information on the domain(s) that send mail from your organization (this is for external usage/verification, not internal)
- Create an SPF TXT record and publish it to the authoritative DNS name servers
- Verify – Ensure that the domain is being protected as intended.
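One way to carry out steps 2 and 3 before anything is published, as an added example that is not part of the original post. `build_spf` and `lint_spf` are hypothetical helper names, the addresses and vendor domain are constructed from documentation-reserved ranges, and the limits checked (10 DNS-querying terms, 255 bytes per TXT string) are those of RFC 7208.

```python
import ipaddress

# Terms that cost a DNS query; RFC 7208 section 4.6.4 caps them at 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def build_spf(ip_sources, includes, policy="-all"):
    """Step 2: assemble the TXT value from the senders inventoried in step 1."""
    terms = ["v=spf1"]
    for src in ip_sources:
        net = ipaddress.ip_network(src, strict=False)  # raises ValueError on bad input
        terms.append(f"ip{net.version}:{net.with_prefixlen}")
    terms += [f"include:{domain}" for domain in includes]
    return " ".join(terms + [policy])

def lint_spf(record):
    """Step 3, before publication: return a list of problems in an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must begin with v=spf1"]
    problems, lookups, all_index = [], 0, None
    for i, term in enumerate(terms[1:], start=1):
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' is the default
        bare = term.lstrip("+-~?").lower()
        name = bare.split(":")[0].split("/")[0].split("=")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name in ("ip4", "ip6"):
            try:
                ipaddress.ip_network(bare.split(":", 1)[1], strict=False)
            except (IndexError, ValueError):
                problems.append(f"invalid address in {term}")
        if name == "all" and all_index is None:
            all_index = i
            if qualifier == "+":
                problems.append("+all authorizes every host to send as this domain")
    if all_index is None and not any(t.lower().startswith("redirect=") for t in terms):
        problems.append("no 'all' or redirect: unlisted senders get a neutral result")
    elif all_index is not None and any("=" not in t for t in terms[all_index + 1:]):
        problems.append("mechanisms after 'all' are never evaluated")
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    if len(record.encode()) > 255:
        problems.append("over 255 bytes: publish as multiple quoted TXT strings")
    return problems

# Constructed sender inventory using documentation-reserved addresses and names.
RECORD = build_spf(["192.0.2.10", "198.51.100.0/24"], ["_spf.mailvendor.example"])
```

An empty list from `lint_spf(RECORD)` means the record passes these static checks; it does not replace testing the published record against a receiving mail server.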
Creating a Sender Policy Framework (SPF) record and publishing it to a DNS name server is at the heart of the Sender ID Filtering framework. The other side of the configuration is done within the mail server itself. Many have shrunk back from implementing this, while others are embracing this new technology and benefiting from it.
A 2007 report shows very encouraging news of this anti-SPAM tool at a favorable tipping point. After reading the report I have to wonder who the editor was, but some of the information still clearly shows the trend is making a dramatic difference for companies such as PayPal and GoDaddy.com, as well as users of Hotmail mailboxes.
- The Microsoft repository of Sender ID/SPF knowledge starts here.
- SPF vs Sender ID – Is SPF the same thing as Sender ID? Which is better?
- Originally, SPF stood for Send Permitted From
- http://en.wikipedia.org/wiki/Sender_Policy_Framework – factoid rich
- Send an e-mail to email@example.com. Your message will be rejected (this is by design) and you will get the SPF result either in your MTA mail logs or via however your MTA reports errors to message senders (e.g. a bounce message). This is done to avoid the risk of backscatter from the tester. This test tests both MAIL FROM and HELO and provides results for both.
- Send an e-mail to firstname.lastname@example.org and you will receive a reply containing the results of the SPF check.
- Use this web based tool: http://www.kitterman.com/spf/validate.html
- Or this web based form: http://vweb.nass.com.au/cgi-bin/dnslookup
A couple of top-level Microsoft resources: