Carlos Camacho
12-18-2005, 08:31 PM
I have a forum that sends out registration emails. I find that many emails to large ISPs such as Yahoo will get tagged as SPAM.
As I searched for a solution to reduce bounced emails, I came across SPF - Sender Policy Framework (aka authenticating e-mail senders) which I had not known about.
SPF was initiated by Meng Weng Wong of pobox.com and is being proposed (as of July 2004) as an IETF standard to enable validation of legitimate sources of email. The information below is NOT complete; please see the SPF web site, which contains further information, or the draft RFC.
Briefly the design intent of the SPF record is to allow a receiving MTA (Message Transfer Agent) to interrogate the Name Server of the domain which appears in the email (the sender) and determine if the originating IP of the mail (the source) is authorized to send mail for the sender's domain.
The SPF information is contained in a standard TXT RR (though a new RR type may be allocated if and when SPF reaches standardization by the IETF).
If an SPF (TXT) RR exists and authorizes the source IP address the mail can be accepted by the MTA. If the SPF (TXT) RR does not authorize the IP address the mail can be bounced - it did not originate from an authorized source for the sender's domain. If the domain does not have an SPF RR the situation is no worse than before.
There are many tutorials on SPF if you search in Google. Below is a step-by-step, courtesy of PowerVPS support, to implement it on Plesk VPS. If you are using another control panel, contact support, or if you know how, please add to the PowerVPS Wiki.
For NEW sites:
Please, add a DNS template:
http://download1.swsoft.com/Plesk/Plesk7.5/Doc/plesk-7.5r-admins-guide-html/ch03s27.html
Using the above docs, add this record:
<domain>. TXT "v=spf1 a mx mx:mail.<domain> ip4:<ip> -all"
To get to that Plesk screen, go Server > DNS >
* Add a TXT record for the zone: leave the 'domain name' field blank, and in the 'TXT record' field enter "v=spf1 a mx mx:mail.<domain> ip4:<ip> -all" (without quotes)
* New domains will be created using updated template.
(If you change the IP of the site though, you'll need to re-create it by hand!)
For already created sites:
* For each domain, you have to add the following TXT record:
mydomain.com. TXT "v=spf1 a mx mx:mail.mydomain.com. ip4:1.2.3.4 -all"
where 1.2.3.4 is the IP address of your mail server. (Don't type the quotes. They will appear after you save the record.)
* Or you can use the 'Restoring the DNS zone by the template' option in the DNS zone editor (see
http://download1.swsoft.com/Plesk/Plesk7.5/Doc/plesk-7.5r-clients-guide-html/ch03s29.html).
So, for mydomain.com, the SPF record should be:
mydomain.com. TXT "v=spf1 a mx mx:mail.mydomain.com ip4:N.N.N.N -all"
* replace mydomain.com with your domain and N.N.N.N with the domain's IP
* While testing, it is better to use "~all" and not "-all" notation.
Someone should add this to the Plesk Wiki section.
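The check a receiving MTA performs against the record above, as an added example that is not part of the original post or PowerVPS's instructions. It handles only the `a`, `mx`, `ip4` and `all` mechanisms used in the post's record, and the DNS answers are a constructed table (the 192.0.2.x addresses are placeholders) rather than live lookups.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (not from the post).
ZONE = {
    ("mydomain.com", "A"): ["192.0.2.10"],
    ("mydomain.com", "MX"): ["mail.mydomain.com"],
    ("mail.mydomain.com", "A"): ["192.0.2.25"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECORD = "v=spf1 a mx mx:mail.mydomain.com ip4:1.2.3.4 -all"

def parse_spf(record):
    """Return [(qualifier, mechanism, argument)], or None on a syntax error."""
    terms = []
    for term in record.split()[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        mech, _, arg = body.partition(":")
        mech = mech.lower()
        if mech not in ("a", "mx", "ip4", "all"):
            return None  # simplification: only the post's mechanisms are known
        if mech == "ip4":
            try:
                ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return None
        terms.append((qualifier, mech, arg.rstrip(".")))
    return terms

def authorised_hosts(mech, name):
    """Addresses an 'a' or 'mx' mechanism authorises for name."""
    names = [name] if mech == "a" else ZONE.get((name, "MX"), [])
    return [ip for n in names for ip in ZONE.get((n, "A"), [])]

def check_spf(record, domain, source_ip):
    """Evaluate left to right; the first mechanism that matches decides."""
    if (record.split() or [""])[0].lower() != "v=spf1":
        return "none"
    terms = parse_spf(record)
    if terms is None:
        return "permerror"  # one bad term invalidates the whole record
    ip = ipaddress.ip_address(source_ip)
    for qualifier, mech, arg in terms:
        if mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            matched = mech == "all" or str(ip) in authorised_hosts(mech, arg or domain)
        if matched:
            return RESULTS[qualifier]
    return "neutral"
```

In this constructed zone the mail host is authorised by the plain `mx` term; `mx:mail.mydomain.com` asks for the MX records of mail.mydomain.com itself, which has none here, so that term matches nothing.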