DNS and SPF

2005-03-13 Internet · Linux

Just been updating my DNS for timc3.com as I ran a health check from DNS report a tool that I wish I knew about ages ago as it checks many things to do with the domain, the output looks like this and although there are still a couple of warnings this is down to my mail provider and not me!

There are other tools that are useful over at DNS Stuff that are as useful as any over at SamSpade and would help in tracking down a problem.

I also took the opportunity to put in an SPF (Sender Policy Framework) record into the domain, this is the first one that I have done and I went straight ahead using the tools at [][5]http://spf.pobox.com/ to do this. It seem straightforward but the test will come by seeing if I get any problems with my mail in the next few days!

SPF helps to confirm the identity of a mail sender by listing all the mail exchanges and hosts allowed to send an email for a domain. Hopefully it will cut down on spam before I get too much as I am reasonably lucky so far. I already use auth SMTP as my provider uses this (yes for this domain I am not hosting my own mail servers – it costs so little and I couldn’t be bothered to keep patching sendmail though as other posts have concluded I am now rather taken by the debian default of exim.

The SPF records can also be certified, so if you send out large volumes of email then this can help with the authenticity of your messaging. To explain it in one minute I have lifted this from the spf site:

Domains use public records (DNS) to direct requests for different services (web, email, etc.) to the machines that perform those services. All domains already publish email (MX) records to tell the world what machines receive mail for the domain.

SPF works by domains publishing “reverse MX” records to tell the world what machines send mail from the domain. When receiving a message from a domain, the recipient can check those records to make sure mail is coming from where it should be coming from.

With SPF, those “reverse MX” records are easy to publish: one line in DNS is all it takes.

There is more interesting information on SPF in the Faq at http://spf.pobox.com/faq.html .