I really hate spam.  I’m sure just about everyone does.  I really hate it though when spammers forge my own email address as the sender, then I mark it as spam, then I inadvertantly end up having legit emails dumping into my spam box!  Ouch, talked about a breakdown in communication.

One way to solve the issue is to setup what’s called an “SPF” record (Sender Policy Framework).  An SPF record is simply a line in your domain’s zone file (each domain name has a zone file on it’s primary DNS server that tells the world where to find IP’s who serve that domain) that specifies which IP is allowed to send mail FROM your domain.

For example, adding this line to your zone file:

domain.com IN TXT v=spf1 a mx ip4:<IP_ADDRESS> ~all

will tell your server, and other third party servers, to reject mail that contains domain.com as the sender but also is NOT coming from <IP_ADDRESS>.  So this means if Joe spammer decides to send a messages to a Yahoo Mail address, but forges the email to look as if it came from you, and Yahoo checks for SPF records, then the spammer will not succeed.

Obviously, the down side to SPF is that

• not everyone implements SPF checks
• if Yahoo or another mail provider does check SPF records and your domain doesn’t have an SPF record in place, you might be at risk of being denied sending mail to their servers even though you are legit.

But really, SPF records, I love it.  No more forging from spammers.  Simple.  Now everyone should do it.