Please use SPF with your domains!

Spam really does piss me off.    I am getting to the stage where even with Antispam solutions in place, I still get too much.    I am considering making it that any freeware service is blocked.   The final straw was today when I got a very clever spam that I honestly thought I knew the sender and clicked the link…   lets just say that it took me to a very nasty site…   one I would not wish anyone to see.

Anyway…  enough ranting, because there is one thing that everyone should be made to do in their DNS Setup.    That is your SPF Record!    It is a simple task to add to your own DNS servers, or for the ISP to add if they look after your domain.

To test if you have a SPF Record, do the following:

1. Go into a command prompt
2. Type “nslookup” and press return
3. Type “set type=txt” and press return
4. Type the domain you wish to check.   Try nickwhittome.com as an example of a good record. Press return after typing in the domain.

If you get no TXT Record back, then you should contact your ISP and hassle them to set this up for you!   If they do not know what you are talking about, point them to http://www.openspf.org/ which will give them (and you) all the answers.

If everyone implemented this then spam would be much less of a problem!

  2 Replies to “Please use SPF with your domains!”

  1. June 16, 2006 at 3:47 pm

    What do you think about not generating NDRs anymore? I just did a post on this (http://addicted-to-it.blogspot.com/2006/06/exchange-uce-how-to-handle-ndrs-non.html) – as I’m starting to see problems of NDRs perceived as spam by recipients (e.g. incoming mail is scored as spam, high-scores get bounced NDRs to faked from addresses, the unsolicited NDRs get detected as Spam).

  2. June 17, 2006 at 8:21 am

    Normally I disable them except for two scenarios on our default installations:

    An employee leaves the company we setup a temporary autoreply. (Using GFI Mailessentials in our case)

    Custom blacklists. If the person has been specifically added to the internal user controlled blacklist, then we send a NDR.

Leave a Reply to Nick Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.