
Enable SPF spam protection

Pagemakers

Can somebody explain what the 'Enable SPF spam protection' feature is for on the Mail page.

Is it supposed to be used in conjunction with SpamAssassin?

Does it work well and what is the best setting to have it on?
 
The "safest" setting to ensure you don't lose genuine email that is sent from domains not using SPF yet is "reject if spf resolves to fail".
 
what are other options ?

SPF local rules

SPF guess

SPF explanation text
 
it would be good if some expert posted a good guide for hosting servers with Plesk on setting up SPF easily to protect against spammers.

everything step by step.
 
Did you guys check out the Help/Admin's Guide for Plesk 8?
I guess there should be the information you need.
 
what are SPF guess and the next textbox used for?

the note in the Plesk help on what SPF is all about is too short.

i was thinking to get help to set parameters suitable for a hosting server.

if there is any routine regular expression, a not too strict policy or other kind of.

as a newbie to SPF i was looking for that help.

as i read somewhere that there is something to do with a DNS record too for SPF. if someone can help on this.
 
read all about it on http://www.openspf.org/
use their wizard to get the right DNS change
make the DNS change in your server
read the Plesk documentation about the other settings, they even give advice on what you should put there.
 
Originally posted by Cranky
The "safest" setting to ensure you don't lose genuine email that is sent from domains not using SPF yet is "reject if spf resolves to fail".

Plesk recommend: "To accept all incoming messages regardless of SPF check results, select the Create only Received SPF-headers, never block option from the SPF checking mode drop-down box. This option is recommended."

What will that setting do?

Basically, is it a good or a bad idea to enable SPF spam protection and select one of the two options mentioned here?
 
There's a wizard on openspf.org that will help walk you through setting up your spf options, but like everyone else I'm a bit hesitant to do much with it yet.
 
SPF for dummies ;)

Basically, the two direct benefits of SPF i found are :

- ensuring a spammer/virus/trojan cannot send emails using your email address in the FROM field of the email.

- get legitimate emails to go through hotmail (and others of course) junk filter, and not be detected as spam.

I would describe SPF as a process by which a mail server, when receiving an email with a "From" field indicating a domain hosted on your servers, can check that the mail server that sent the email is listed as a legitimate server by the domain's DNS manager (you, I suppose). It does so by requesting the SPF record of the domain name in the email's From field.


The originating domain mail server will then reply either with:
- yes, it is valid (mail server is listed in my allowed mailservers ip addresses);
- no, it is not valid (mailserver not listed in my allowed mail servers ip addresses);
- failed = no spf record available
- dunno = spf record does not give an exclusive list of mailservers.

Microsoft did an SPF wizard that I found much better than the one listed above:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

Now, attention please: when creating your SPF record, list your allowed mail servers (possibly mail.<domain>) but don't forget your users might be accessing the internet with an ISP obligating them to use the ISP's SMTP servers. (This is for example the case here in Belgium with Skynet - we have to use relay.skynet.be as SMTP server.)
So these need to be listed too in the allowed servers. I'm not 100% sure of this but it seems logical to me. Can someone confirm this?

i hope this helps a bit,

Alex
 
You should set up a secondary mail server service on port 587 if your ISP does not allow port 25. You can find the setup for this in this forum. That way you never have to relay any emails to the server, just use your domain's email server.
 
Is there a log file anywhere on the server for all emails that get dropped by the "enable SPF spam protection option"?
 
Hi all!

Thanks for your patience on this SPF stuff!!

Am I right in saying that at a domain level i.e. as opposed to server level DNS within Plesk, the entry is as follows?

Record Type: TXT (from dropdown)
Enter domain name: (Left blank)
Enter TXT record: (text/string from MS or SPF wizard)

Furthermore, what do I have to enter for server level SPF, would really appreciate template as above?

Once again thanks for responses, quality post!!

.//philippe
 
I'm no GEEK, but I have to say this. I see it in posts everywhere and it is extremely frustrating.
Why is it people never answer anyone’s questions? You post a link to a site that explains it. Perhaps the issue is that these people have gone there and don't understand it. All the reading in the world is not going to explain it in layman's terms.

I have read and read and read about SPF, and I just don't get it. Which, I’m sure, other people have done as well. There are sooooo many things that are just NOT the same for everyone. PLESK is not just a single server hosting a single website, you could be hosting hundreds on one IP address. So, when you go to openspf.org and use their great little wizard (which doesn't explain itself all that well) and you have 200 websites sharing the same server, do you have to include them all? That’s just one example.

Someone putting out a real world example would be a whole lot better. A good example educates a whole lot better than pages of unintelligible reading.
 
Hi,
I too have had a bit of a battle with this functionality as one of our large retail ISPs refuses to allow mail to be sent unless through their mail server and several of our customer's mail servers are not accepting emails, reporting SPF errors.

After looking at openspf.org, and becoming more confused by their 'configurator', I found this on the 'SPF Record Syntax' page: "v=spf1 +all: The domain owner thinks that SPF is useless and/or doesn't care."
This seems to be working while I work out EXACTLY what I need (and how to configure it)... not exactly the best, as I believe it effectively disables SPF by allowing all, but it gives me time to work out what is going on.

My webhost had also advised that SPF records can take 24 hours to propagate (not sure if this is true?), which makes testing a long, tedious process.

The microsoft 'configurator' seems to be much easier to use and I have managed to quickly 'whip up' a new configuration to try rather easily.

Best Regards,
scribbly.
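
Added example, not part of any post in this thread: a small Python evaluator for the check described in the posts above, covering the shared-server case (several customer domains authorizing one Plesk server) and the `v=spf1 +all` record. Result names follow RFC 7208; the domains, addresses and TXT table are constructed, only the `ip4`, `ip6`, `include` and `all` mechanisms are handled, and `delivered()` is an assumed reading of the two checking modes quoted in the thread.

```python
import ipaddress

# Constructed TXT records (documentation names and addresses), standing in for DNS.
TXT = {
    "hosting.example": "v=spf1 ip4:192.0.2.10 -all",        # the shared server's IP
    "customer1.example": "v=spf1 include:hosting.example ~all",
    "customer2.example": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 -all",
    "open.example": "v=spf1 +all",                          # authorizes every sender
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, depth=0):
    """Evaluate a subset of RFC 7208 (ip4, ip6, include, all) for one sender IP."""
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                    # domain publishes no SPF record
    if depth > 10:                       # simplified guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:      # mechanisms are tried left to right
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_spf(arg, sender_ip, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"    # only a pass from the included record matches
        else:
            return "permerror"           # mechanism outside this subset
        if matched:
            return RESULT[qualifier]
    return "neutral"                     # nothing matched and no "all" term

def delivered(result, reject_on_fail):
    # Assumption: "reject if SPF resolves to fail" drops only an explicit fail;
    # the headers-only mode (reject_on_fail=False) never blocks.
    return not (reject_on_fail and result == "fail")
```

Each hosted domain needs its own TXT record, but all of them can name the same server address or `include:` one shared record, as `customer1.example` does here.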
 
I'm no GEEK, but I have to say this. I see it in posts everywhere and it is extremely frustrating.
Why is it people never answer anyone’s questions? You post a link to a site that explains it. Perhaps the issue is that these people have gone there and don't understand it. All the reading in the world is not going to explain it in layman's terms.

agreed. if i come here seeking help it's because the help i found in "google" didn't help me enough or i didn't understand it and i seek for further explanation.

here's my situation:

i want to improve my server's spam protection and i need to know what would be appropriate values for these PLESK options:

- SPF local rules
- SPF guess rules
- SPF explanation text

an example and short explanation what each thing actually means would be most welcome.

and please don't point me elsewhere, because:

1) plesk interface help only displays a real short and useless help

2) info at openspf.org or the microsoft wizard is useless, as it shows me which SPF TXT DNS entries i need. that is NOT what i am asking for and i already have my SPF TXT DNS entries properly configured.

thx


PS: i know this is thread-necro. but this thread popped up when searching for help and the options are the same now on 11.5 as they were on 9.5.4
 