I set up SPF

I set up SPF (aka Sender Policy Framework, aka Sender Permitted From) on my vanity domain name yesterday.
SPF is a method of publishing a list of servers used to send mail from my domain. If any message arrives from another source it should be treated with extreme suspicion or discarded. It is yet another tool used to authenticate a sending domain. The hope is that this will slow down the amount of spoofed email.


The main drawback of SPF is that I need to make sure I only send mail through servers on the “approved” list. There is the potential to break forwarding and mailing lists. When I send a message to a mailing list that doesn’t rewrite the sender, it will send it on the the recipients. If the recipient is using a SPF capable MTA, it will see that the mail claims to be from my domain, but the source IP address is the list server. The listserver wont be on my approved mail servers list and it will be blocked.
Perhaps if people start adopting SPF more, I’ll need to reevaluate this setting. It is possible to have an SPF record, but set it to allow mail from anywhere. You might wonder how that is different from not having a SPF record at all. It allows my mail to be received by a server that requires all senders to have a SPF record.
Creating a SPF record is rather easy. You head over to http://spf.pobox.com/ and use their SPF wizard. The next step requires that your DNS supports TXT records. Mine does. You enter the record in DNS (technique may vary by DNS provider). Wait for it to propagate. Head over to DNSStuff and try their SPF tester. Be careful not to screw up your DNS. I made my domain unreachable the first time I tried it. ๐Ÿ™‚