Metawerx Java Hosting Small Logo

How to stop people sending email from addresses at yourdomain.com

Question

Some emails are being sent out from our domain, eg: "From: Some Name < somename@ourdomain.com>". This person and that email address don't exist. Would you have any ideas on how this might be happening and how we can stop it?

Or...

We are getting hundreds of "mail could not be delivered" notifications, but we haven't sent any of this email. Help!

Answer

Due to the way SMTP works, there is no way to prevent anyone from sending emails that contain your domain name (or name) in the From: field of the emails.

This can be a problem, as spammers can use your name in their mail, causing all bounce messages and replies to go to you. It can also be a reputation risk, as your client may receive such a message, and believe you were the sender.

There is a new proposal called Sender Policy Framework (SPF) which is helping to prevent spammers using your identity in this way.

SPF allows mail servers to check for a specific record on your domain's DNS entry, which lists all of the allowed IP addresses and ranges that are allowed to identify themselves as your domain. (ie: the places you have authorised as being allowed to send emails from addresses@yourdomain.com).

For a full discussion, see the excellent entry at Wikipedia.

For your SPF record to work properly, the receiver's mail server must support SPF. SPF is currently supported on hotmail, gmail and at many other mail service providers including metawerx.

Even if a receiving mail server does not support SPF, spammers will normally avoid using your domain in the From-address if you have added SPF, as it lowers their chance of the mail getting through. They will more likely select an SPF-free domain as it is easier for them.

To set up SPF for a domain at metawerx, you will need to generate an SPF record, then send it to us. There are tools at http://www.openspf.org/ which assist in doing this.

Here is the Metawerx SPF record (as of 1-Jan-2006):

"v=spf1 ip4:210.50.196.160/27 ip4:211.27.225.64/29 ip4:203.59.1.0/24 ptr:iinet.net.au ip4:220.233.33.238 -all"

You can see this record using the following command:

dig metawerx.net TXT

Important Notes

  • Most SPF wizards create an entry with a ~all at the end. This is a soft-fail. After you are sure your SPF records are set up correctly, change this to a hard fail with -all, otherwise your records won't be truly effective.
  • The ip4: tag is not a list of IP addresses. It is a single address. Therefore, if you want to add multiple addresses, use separate ip4: tags in the SPF record.

Free Test Software for SPF records

navigation
metawerx specific
search
Share
tools
help

referring pages

Share