is common to hear about implementing SPF to reduce SPAM, and even helps a lot, is not the main purpose of it. So what is SPF? If we refer to the same Wikipedia says that SPF is a protection against address spoofing in email delivery. "
happens when the SMTP protocol was devised it was thought a very similar pattern to what was known, which is the post, trying to imitate the best. But in doing so we are on the internet with a problem that exists in real life, and that on receipt a letter, but that this is "certified" and asked to confirm their receipt, upon receiving no guarantees the identity of the issuer thereof. To counter this problem is that SPF emerged.
SPF is a technique by which, upon receiving an email we can, through a DNS query to verify whether the IP from which we are receiving the mail is authorized to deliver mail from the sender's domain., And thereby decide whether or not to accept mail.
For this verification can be carried out must have been two completely separate processes. On the one hand, the issuer must have added a TXT type record armed especially in its DNS zone with the list of servers authorized to send mail. On the other hand, given the domain's mail server host must configure your server to perform the testing of each incoming mail.
Adding records for verification of SPF nuetra domains is a relatively simple task and generate the record even more because there are a couple of sites that help us create that special registration then we add to our DNS server. Among the sites that help us create this record we can highlight the openSFP site.
An SPF record more or less simple, for our domain example.com , can become something more or less:
The last part of the line, the " -all" policy is to be used if the receiver does not match the server's IP any of the listed issuer. In our case, the "-all" indicates that only the IP listed in the registry is authorized to send mail, and therefore if you receive an email from another IP that is not listed, they should be treated as false and discarded.
opposite policy is to "? All " with which we can get emails stating that IP not listed, and that these posts should be treated as "neutral" and be accepted.
A third policy, and is in fact is suggested in most cases, it is "~ all ." This policy is considered a "SoftFail" or "mild failure." This allows us to tell the receiver that may cause the IP which is receiving the mail is not listed among valid IP but may not be a fake identity, and if you also use other means to complete the verification.
These other techniques are performed in case of a "SoftFail" is searching through the header of incoming mail to any of the valid IP to see if the origin of e is one of the servers allowed. The latter policy is that we use, For example, if your mail server uses another server to forward the mail (or smarthost relay server) and do not always know the output of the IP relay server. This simple
TXT record added to our DNS zone is that we are preventing others from sending mail on our behalf, and thereby avoiding, for example, the mail bounces from spam sent by others using our domain.
happens when the SMTP protocol was devised it was thought a very similar pattern to what was known, which is the post, trying to imitate the best. But in doing so we are on the internet with a problem that exists in real life, and that on receipt a letter, but that this is "certified" and asked to confirm their receipt, upon receiving no guarantees the identity of the issuer thereof. To counter this problem is that SPF emerged.
SPF is a technique by which, upon receiving an email we can, through a DNS query to verify whether the IP from which we are receiving the mail is authorized to deliver mail from the sender's domain., And thereby decide whether or not to accept mail.
For this verification can be carried out must have been two completely separate processes. On the one hand, the issuer must have added a TXT type record armed especially in its DNS zone with the list of servers authorized to send mail. On the other hand, given the domain's mail server host must configure your server to perform the testing of each incoming mail.
Adding records for verification of SPF nuetra domains is a relatively simple task and generate the record even more because there are a couple of sites that help us create that special registration then we add to our DNS server. Among the sites that help us create this record we can highlight the openSFP site.
An SPF record more or less simple, for our domain example.com , can become something more or less:
example.com. IN TXT "v = spf1 a ptr to: 192.168.1.1 to: mail.example.com-all"With this line added to the DNS zone file nuetra are indicating that the servers can deliver mail for the example.com domain are :
- to -> the ip with which to resolve the domain (obtained with a simple d example.com to ig)
- prt -> any IP address that is the inverse within the zone example.com ( dig-x ip_del_servidor_emisor
) - to: 192.168.1.1 -> 192.168.1.1 IP
- to: mail.example.com -> the IP that has registration mail.example.com (mail.example.com to dig )
The last part of the line, the " -all" policy is to be used if the receiver does not match the server's IP any of the listed issuer. In our case, the "-all" indicates that only the IP listed in the registry is authorized to send mail, and therefore if you receive an email from another IP that is not listed, they should be treated as false and discarded.
opposite policy is to "? All " with which we can get emails stating that IP not listed, and that these posts should be treated as "neutral" and be accepted.
A third policy, and is in fact is suggested in most cases, it is "~ all ." This policy is considered a "SoftFail" or "mild failure." This allows us to tell the receiver that may cause the IP which is receiving the mail is not listed among valid IP but may not be a fake identity, and if you also use other means to complete the verification.
These other techniques are performed in case of a "SoftFail" is searching through the header of incoming mail to any of the valid IP to see if the origin of e is one of the servers allowed. The latter policy is that we use, For example, if your mail server uses another server to forward the mail (or smarthost relay server) and do not always know the output of the IP relay server. This simple
TXT record added to our DNS zone is that we are preventing others from sending mail on our behalf, and thereby avoiding, for example, the mail bounces from spam sent by others using our domain.
0 comments:
Post a Comment