C-Command Software Forum

Question about SPF and DKIM (more a plea for help, really)

Hello, All- sorry if this is a little off-topic, but I can’t think of a more knowledgeable group to ask. In the 20+ years that I’ve owned a couple of business and personal domains, they’ve periodically been “hijacked” and used to generate spam. I noticed this because either (a) people told me they were getting spam from me or (b) SpamSieve would actually catch it if it was mailed to me at the same address.

I recently started looking into putting SPF and/or DKIM DNS records into my domains (hosted by 1and1 and namecheap, respectively, which are also my mail hosts). I’ve tried tools like spfwizard.com to generate the SPF records, then used another tester to validate them, and it appears that I have the syntax right and I have them in the right record (TXT). But I have to be honest and admit I really don’t know what I’m doing in this case (I’m not exactly a n00b but have never come close to reading these RFCs).

So, my questions: is this worth doing? Does it help in the “global war on spam”? How can I find out if it’s even working? Can it break something (like my business email)?

At the very least I was hoping that using SPF or DKIM would make their spam filters tag any spam that appeared to originate from me. Does SpamSieve use this data? Or is it used in the server rather than by the mail client? Or am I way off base going this route?

Any feedback (positive and/or brutally honest) would be much appreciated! Thanks!

-Eric

Yes. The primary benefit would be to increase the chances that a message you send will be received by the recipient. SPF lets the recipient’s mail server verify that the message was sent by a server that is authorized to send from your domain.

Yes. The other side of the coin is that if your domain has an SPF record, that helps other receiving mail servers identify messages from your domain that you did not authorize. Some mail servers will refuse to even accept such messages. Others will accept them but treat them as more likely to be spam.

If you know of a receiving mail server that is configured to be strict about SPF, you can send a message to it through the correct server, and it should get through. The server may even add a Received-SPF header to the message indicating “pass”. On the other hand, if you send through an unauthorized mail server and forge your return address, the server would reject the message or mark it as “fail” in the header.

Secondly, you are probably getting backscatter spam now: messages sent from your domain to invalid addresses at other domains. The receiving mail servers then bounce these messages back to you as undeliverable. If you add an SPF record, and the receiving mail server supports SPF, it won’t bounce back messages that were not authorized, so this would reduce the spam that you get.

Yes. If you don’t configure your SPF record properly, it will make legitimate messages that you send look invalid, and so they might not get through. So be sure to use the online validators and to consider all the ways that messages might be sent from your domain. For example, there might be different IP addresses for the SMTP server that your mail client is using and for the PHP script sending messages from a Web form on your site. And these IP addresses might change if your hosting provider makes changes in its data center. So see how your provider recommends that you do it, and if there is a record that you should include rather than entering the IP address directly.

It’s more intended for use by the server. SpamSieve currently ignores it but may do something with it in the future.

SPF and DKIM - thanks!
Michael- thanks for that very useful information. It’s what I needed to know, and now I’m comfortable proceeding to make sure I get the records set up correctly and locate a server to test them. As always over the years, your advice is much appreciated!

Eric