Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

How do I enable inbound email filtering with spf?

  

 
SPF help RSS feed   Index | Next | Previous | View Threaded


openspf.wes at wesandnorma

Mar 25, 2008, 12:20 PM

Post #1 of 3 (1294 views)
Permalink
How do I enable inbound email filtering with spf?
I'm like many, which have nearly zero knowledge of spf, but are trying
to learn. This question is so basic and I should have found the answer,
but after searching high and low, I can't seem to grasp it, hence my
post.

This is my situation: my domain is hosted at register.com, my mail
server is google app's.

The mx record at register.com points to ASPMX.L.GOOGLE.COM. , google's
mail server.

My goal is to filter inbound email with spf to minimize spam "FROM"
forgery. Is all I have to do is add the TXT record of: "v=spf1
include:aspmx.googlemail.com ~all" that google recommends at
register.com's site? Will this reduce my incoming forgeries? Do I have
to do something more at google's site, i.e., some coresponding TXT
record?

You can see that I'm a bit confused, so any clarification would really
be helpful. Thanks.

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Mar 25, 2008, 1:15 PM

Post #2 of 3 (1230 views)
Permalink
RE: How do I enable inbound email filtering with spf? [In reply to]
chas wrote on 3/25/2008 2:20:30 PM:

> Is all I have to do is add the TXT record of: "v=spf1
> include:aspmx.googlemail.com ~all" that google recommends at
> register.com's site? Will this reduce my incoming forgeries?

Your domain's SPF record will help others to recognize and
refuse forged mail that is using your domain. The above record says
that any server covered by aspmx.googlemail.com is OK to send mail using
your domain, and that you are still testing your SPF record so don't
actually reject anything that comes from another server (to tell others
to do that, use "-all" not "~all").

Since your inbound mail is handled by Google's mail servers, it
is up to Google to add the functionality to their mail system to use SPF
to detect forged e-mail.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Does life seem worthwhile to you? HERE'S HOW TO ORDER! Send $20
to...

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


bwalton at rawbits

Mar 25, 2008, 8:30 PM

Post #3 of 3 (1232 views)
Permalink
Re: How do I enable inbound email filtering with spf? [In reply to]
At 12:20 03/25/2008, you wrote:
>This is my situation: my domain is hosted at register.com, my mail
>server is google app's.
>
>The mx record at register.com points to ASPMX.L.GOOGLE.COM. , google's
>mail server.

Adding a TXT (or an SPF) record for your domain will do nothing to
filter inbound mail for forged FROM domains. That is a job for the
receiving mail server, which has to check the SPF policy of the
apparent sending domain for each incoming message and determine if it
was sent by an allowed sending server. Adding an SPF policy record
(TXT or SPF) for your domain will allow others to determine if
messages they receive that claim to be from your domain really are
from your domain. If you don't control your mail server, there's
little you can do except jawbone your mail hosting provider to get
them to filter incoming mail based on checking SPF records. I think
Google already does this.

Adding the recommended TXT record for your domain is a good thing and
will contribute to the overall health of the Internet mail system -
but it won't reduce the amount of spam you receive.

>My goal is to filter inbound email with spf to minimize spam "FROM"
>forgery. Is all I have to do is add the TXT record of: "v=spf1
>include:aspmx.googlemail.com ~all" that google recommends at
>register.com's site? Will this reduce my incoming forgeries? Do I have
>to do something more at google's site, i.e., some coresponding TXT
>record?

--
Bill Walton bwalton [at] rawbits (831)338-0479 home
PO Box 850 (408)721-4346 bus
Boulder Creek, CA 95006-0850 (831)345-7135 cell

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: http://www.listbox.com/member/archive/1020/=now
RSS Feed: http://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.