Options dialog - DNS - Automatic SPF Records
Simple DNS Plus v. 5.0 Copyright © 1999-2008 JH Software ApS
• Synthesize TXT-records from SPF-records for local domains
This option allows you to publish SPF-records for your domains without maintaining identical TXT-records (for older e-mail servers). If the server receives a DNS request for TXT-records for a name, and no TXT-record exists but an SPF-record does exist, it will respond with a synthesized TXT-record containing the same data as the SPF-record.
• Synthesize missing SPF records (TXT and SPF) for local domains
Using this option you can provide SPF records for all domain names on your server without having to set up and maintain SPF-records separately for every single domain name.
If you need to provide unique SPF-records for certain domain names, you can still set up individual SPF-records for those names. This function only kicks in when there are no SPF-records defined for a domain name already.
Consider enabling this option with the value set to "v=spf1 -all" (meaning "these domains never send e-mail").
This forces you to have specific SPF-records for all domain names that send e-mails.
But it very effectively prevents spamming/phishing from all other domain names on your server - including common sub-names such as www.example.com which most users forget to set up SPF records for.
A good alternative to this is "v=spf1 mx -all" (meaning "these domains only send e-mail from the mail server listed in their MX-record").
This way any domain name that has an MX-record is covered automatically.
And sub-names such as www.example.com which typically do not have MX-records are still excluded.
IMPORTANT: These synthesized records are provided in responses to standard DNS lookups for SPF- and TXT-records only - they are NOT provided in zone transfers to secondary DNS servers. Therefore you must configure this option the same way on any secondary DNS servers for your domain names.
NOTE: This function is automatically disabled for requests for any domain name containing the underscore (_) character to avoid collision problems with special purpose names such as "_domainkey".
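An added example, not part of the Simple DNS Plus documentation or product code: a small Python model of the two options above, with a minimal evaluator for the mx, ip4 and -all terms, showing which senders each suggested default value accepts. The zone data, the function names and the rule that only an SPF-type record counts as "defined" are assumptions.

```python
import ipaddress

# Constructed zone data: example names and documentation IP ranges.
ZONE = {
    "example.com":      {"MX": ["mail.example.com"]},
    "mail.example.com": {"A": ["192.0.2.25"]},
    "www.example.com":  {"A": ["192.0.2.80"]},
    "news.example.com": {"SPF": ["v=spf1 ip4:198.51.100.7 -all"]},
    "sel._domainkey.example.com": {"TXT": ["v=DKIM1; p=CONSTRUCTED"]},
}

def answer(name, qtype, default):
    """Records served for a TXT or SPF query with both options on (assumed model)."""
    rrs = ZONE.get(name, {})
    if rrs.get(qtype):
        return rrs[qtype]      # a record that really exists is served as-is
    if "_" in name:
        return []              # synthesis is disabled for underscore names
    if rrs.get("SPF"):
        return rrs["SPF"]      # only reached for TXT queries: copy of the SPF-record
    return [default]           # no SPF-record defined: serve the default value

def check(sender_ip, domain, default):
    """Evaluate the served policy for one sending IP address."""
    policies = [r for r in answer(domain, "TXT", default) if r.startswith("v=spf1")]
    if not policies:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in policies[0].split()[1:]:
        if term == "mx":
            # mx matches when the sender is an address of one of the domain's MX hosts
            for host in ZONE.get(domain, {}).get("MX", []):
                if sender_ip in ZONE.get(host, {}).get("A", []):
                    return "pass"
        elif term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:]):
                return "pass"
        elif term == "-all":
            return "fail"
    return "neutral"

if __name__ == "__main__":
    for default in ("v=spf1 -all", "v=spf1 mx -all"):
        for domain, ip in (("example.com", "192.0.2.25"),
                           ("www.example.com", "192.0.2.80"),
                           ("news.example.com", "198.51.100.7")):
            print(default, "|", domain, ip, "->", check(ip, domain, default))
```

Running the same queries against a secondary server that lacks this setting would return no record for example.com and www.example.com, which is why the option must be configured identically on every secondary.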
Background:
SPF is a spam and phishing fighting method which uses DNS records to define which hosts are permitted to send e-mails for a domain.
Early implementations of SPF used DNS TXT-records to store these permissions. However a new dedicated SPF-record type was recently added to the DNS protocol specifically for this purpose.
When SPF-enabled e-mail servers receive an inbound e-mail (via SMTP) they will look up the DNS SPF-record (SPF or TXT type) for the domain name of the sender's e-mail address in order to verify that the sending e-mail server's IP address is permitted to send e-mail for that domain name.
For more details on SPF, please see http://www.openspf.org