How to set up a proper mail server SPF TXT record in Bind (named) DNS server

About SPF Record

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. It is as easy to add as an MX or A record in your DNS zone.

Why Is It Important?

Today, nearly all abusive e-mail messages carry fake sender addresses. Spammers send email from their own mail servers but with your domain in the sender address. The victims whose addresses are being abused often suffer the consequences, because their reputation gets diminished and they have to disclaim liability for the abuse or waste their time sorting out misdirected bounce messages.

The purpose of an SPF record is to prevent spammers from sending messages with forged ‘From Addresses’ at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.

I’ve recently figured out that some of the SPF records I’m using for some of the mail servers I administer were found to be incorrect by Microsoft’s mail servers for hotmail.com, msn.net and live.com.

Probably the SPF records that I had used so far were found to be incorrect by other mail account service providers also.
As a consequence of these SPF records being considered wrong, Microsoft mail servers were either rejecting my mail server’s messages or putting the received messages in the Junk folder.

The SPF records which were shown as incorrect by Microsoft’s SPF checking mechanism, called the Sender ID SPF Record Wizard, were defined in my BIND DNS domain zone file as follows:

mydomainname.com. IN TXT "v=spf1 mx ip4:123.124.128.125 ~all"

Using this TXT SPF record DNS configuration, Microsoft’s Sender ID SPF Record Wizard claimed I had no SPF records at all, i.e. when checking with the wizard I was getting the error

No SPF Record Found

Microsoft’s Sender ID Framework SPF Record Wizard is available at http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.

Therefore, if you’re experiencing difficulties sending email messages to Microsoft mail domain names or to some other major mail providers like Yahoo, it’s very likely that you might have a misconfigured SPF record, just like me.

To deal with the situation I had to check my SPF record with the simple:

"v=spf1 a -all"

The complete TXT record which needs to be placed in the zone file of your domain name looks like so:

mydomainname.com. IN TXT "v=spf1 a -all"

The meaning of this TXT SPF record is that the IP address in the “A” record for the name is the only IP address that’s allowed to use that server’s name.

After that change, if you’re experiencing mail automatically landing in the Junk filter / mail folder at msn.com, hotmail.com, live.com or yahoo.com, the problem should hopefully be solved immediately.

Checking again with the Microsoft Sender ID online tool, I got output saying that my SPF record is correct, as you can read below in the output that popped up from Microsoft’s page:
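
To see how a receiving server reads the two records above, here is a simplified evaluator (an added example, not code from the original post). It covers only the a, mx, ip4 and all mechanisms, and the DNS table, the 192.0.2.x addresses and the mail.mydomainname.com host are constructed for illustration.

```python
import ipaddress

# Constructed DNS data (documentation-range addresses), not real lookups.
DNS = {
    "A": {"mydomainname.com": ["192.0.2.10"],
          "mail.mydomainname.com": ["192.0.2.25"]},
    "MX": {"mydomainname.com": ["mail.mydomainname.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
OLD_RECORD = "v=spf1 mx ip4:123.124.128.125 ~all"  # first record in the post
NEW_RECORD = "v=spf1 a -all"                       # replacement record


def a_hosts(name):
    """Addresses in the (constructed) A records for name."""
    return {ipaddress.ip_address(ip) for ip in DNS["A"].get(name, [])}


def check_spf(record, domain, sender_ip):
    """Evaluate sender_ip left to right; handles a, mx, ip4 and all only."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in a_hosts(arg or domain)
        elif name == "mx":
            mx_names = DNS["MX"].get(arg or domain, [])
            matched = any(ip in a_hosts(mx) for mx in mx_names)
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]  # first match decides
    return "neutral"  # nothing matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.25", "198.51.100.7"):
        print(ip, check_spf(OLD_RECORD, "mydomainname.com", ip),
              check_spf(NEW_RECORD, "mydomainname.com", ip))
```

With this constructed data the mail host 192.0.2.25 passes under the first record but hard-fails under "v=spf1 a -all", because it is not the address in the domain's A record. If your mail server sends from a different IP than the domain's A record, keep an mx or ip4 term in the record.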

Sender ID Framework SPF Record Wizard

Step 2 of 4: Display Published DNS Records

The wizard has checked DNS for information about prize.bg  including: SPF, MX and A records. This information is displayed below.

If an SPF record was found, you can verify its contents here and use the remaining steps of this wizard to modify the record if necessary. If no SPF record was found, you can use information from the domain’s MX and A records to create a new SPF record.

Click Next to continue.

SPF Record Found
One or more functional SPF record(s) have been found for the domain mydomain.com
The full text of the domain’s SPF record is as follows.

v=spf1 a -all

Another tool which helped me a lot in debugging problems with my SPF records is found at http://www.kitterman.com/spf/validate.html, so it might be wise to use it as well to check that your SPF records are correct.

Posted on June 12, 2015, in Linux (Ubuntu/CentOS).
