In order to prevent a domain from been used to forge or spoof as the sender email addresses in the mail envelope SMTP MAIL FROM or Return-Path in spam e-mail message, it’s recommended that domain owners implement SPF (Sender Policy Framework)records in the DNS for the domain. SPF records allow domain owners to specify which hosts are permitted to send email on behalf of their domains.

For domain with self-hosted on own SMTP mail servers, creating SPF records for the domains is easy. SPF is normally defined using a special format of DNS TEXT records to let recipient’s mail servers identify whether the origin server of the email message is authorized to send email for the @example.com domain or not by checking the SPF record. If the originating server is not published in SPF entry, the delivered mail may be rejected, or marks as spam or bulk.

For users that make use of Google Apps service to host custom domain names with Gmail as the mail server provider, Google has also published a guide on how to set up and publish SPF records for the Google Apps hosted domain.

For domains that are been hosted on Google Apps, administrator has modify the DNS settings to publish the following TXT record to set the domain’s SPF record which authorizes Google Apps’ mail servers:

v=spf1 include:aspmx.googlemail.com ~all

The main SPF entry concerned is “include:aspmx.googlemail.com”. If the domain already has SPF record been published, just append the “include:aspmx.googlemail.com” to the SPF line, before ~all or -all closing.

Note: Publishing an SPF record that lacks include:aspmx.googlemail.com or specifying -all instead of ~all may result in delivery problems.

For organizations that activate the Postini features in Google Apps Premier Edition and configure Google Apps to route email to the internet via Postini’s servers, the SPF record to use in DNS zone configuration is as follow:

yourdomain.com. IN TXT “v=spf1 ip4:207.126.144.0/20 ip4:64.18.0.0/20 ip4:74.125.148.0/22 include:_spf.google.com ~all”

After updating or creating SPF record, check and validate SPF that the it is been published correctly.

Related Posts