The SPF feature in Mailtraq is used to prevent spam.
When you select 'Enforce Sender Policy Framework' messages that come from mail servers for domains that do not have a DNS SPF record will be rejected.
Warning
Many domains do not have valid SPF records, so selecting 'Enforce Sender Policy Framework' may result in you rejecting valid messages.
Mailtraq's SMTP service supports the SPF Sender Policy Framework for analysing received mail. SPF is one of many tools Mailtraq provides to fight spam.
How do I enable SPF in Mailtraq ?
SPF is available in all editions.
To enable SPF you only need to check a single checkbox.
There is no further configuration needed:
- In the menu, click Options, and Services
- Choose your SMTP Service, and click Properties
- On the Black Lists tab, click Explicit Black Lists
- On the Senders tab, check "Enforce Sender Policy Framework"
Background
What is SPF Sender Policy Framework ?
- Domain owners list the servers they use to send out mail.
- Mailtraq rejects mail that purports to have come from a domain, but actually came from somewhere else.
Sender Policy Framework is being increasingly used by large providers. For example AOL, Earthlink, Dyndns, and companies like Amazon.com all use SPF. This means that when a spammer pretends to be sending mail from them, you can quickly reject the mail, before it can waste your time and resources, or worse, introduce viruses, worms etc. You can read more about SPF at www.openspf.org
My Mailtraq collects via POP3 from my ISP. Can I use SPF ?
SPF is provided as a feature of the SMTP service. If you are receiving mail by making a POP3 collection from your ISP, you are relying on their anti-spam features, and Mailtraq's SPF blocking cannot be used (the ISP has effectively already accepted the mail for you, so by the time it gets to Mailtraq it is too late). You should consider receiving mail by SMTP instead, as Mailtraq normally provides much better control over your email than your ISP can. Your ISP should be able to advise on how to make this change.
Will the Mailtraq reject mail if the domain doesn't publish an SPF record ?
No. Mailtraq will only reject mail if the domain the email purports to come from has a valid SPF record, and the email is coming from a machine not listed in that record. If there's no record, the mail will come through.
Do I need to have an SPF record for my own domain for SPF to work ?
No, you don't need to do so, but it will greatly enhance the effectiveness of the filter if you do, because many forged mails purport to come from the domain they are being sent to.
It will also prevent forged mail being sent out as coming from your domain reaching other people who are using SPF-enabled mail servers - reducing the quantity of rogue bounce messages you receive.
I am getting messages rejected because I don't have an SPF record
550 5.7.1 SPF unauthorized mail is prohibited.
How do I set up an SPF record for my domain ?
You need to add an entry to the DNS for your domain. This is a TXT record, and has to contain a specially crafted string defining the public-facing IP addresses of the machine or machines you use to send mail.
Click here for a Wizard to help you create this string. Click here to test a string.
If you don't control your own DNS record you'll need to contact the people who do, to add the string in.
This is added into your DNS record, not into Mailtraq.
This is an example of a typical DNS Record management screen. Yours may not look exactly the same.
There may be a SPF tool provided, for example:
or you may need to create your own record using one of the tools we mentioned above.
You will expect to end up with an SPF entry something like the following examples:
The top row is the SPF entry. The second row is the DKIM entry.
