Monday, September 7, 2009

Lets all fight spam

I sent myself an email last night to forward out to the team.  A while after getting to work I wondered where was my email?  It had been put in my spam folder!  Email is more critical to me than postal mail and I would love for it to be reliable.  I've had problems this year where important emails where put into my spam folder.

Sender Policy Framework (SPF) exists to help reduce spam and while I'm not sure if this will reduce the odds of emails from my domain being marked as spam I figured it won't hurt.

This blog post will describe how I setup SPF for my website which uses Google Apps for email and web content and GoDaddy's Total DNS product for Domain Name System configuration.  If you use the same infrastructure it will be easy copy and pasting.  If not you might have to do some additional reading, or switch your infrastructure :)

I ran across this page with SPF Tools including a wizard to generate an SPF record and some record testers.

Using their wizard I got this string: "v=spf1 mx ~all" spf1 means spf version 1, mx means accept mail from mail servers, and ~all means softfail all mail. So basically this would softfail all mail not sent from google's mail servers. This made sense. Being a cautious type I decided to see what Google Apps Admin Help has to say on the matter. Hmmmmmmmm they recommend "v=spf1 ~all".  This seems to do a DNS lookup at which redirects over to which has a list of acceptable IP addresses.  I decided to go with Google's recommended method.  I also decided to change the ~ which is a softfail to a - which is a fail.  Using the tilde seems to be a precautionary measure which reduces the usefulness of the spec.  It is interesting to note that the SPF Tool wizard generates SPF records with a ~ and so does GoDaddy's generator.......  But oh well I'll live on the wild side :)

To implement my record I login to GoDaddy's Total DNS Control and click add new text record.  For the TXT name I put "" and for the txt value I put "v=spf1 -all" and a Time To Live (TTL) of 1 hour.

Then I validate my results by emailing

Here are my results before implementing the changes:
  SPF check:          neutral
  DomainKeys check:   neutral
  DKIM check:         neutral
  Sender-ID check:    neutral
  SpamAssassin check: ham

Here are the results after:
  SPF check:          pass
  DomainKeys check:   neutral
  DKIM check:         neutral
  Sender-ID check:    pass
  SpamAssassin check: ham

Then I emailed my work account and got my email sent to the spam folder still.  Rats.

No comments: