Secure Mail update to all MspPortal partners take the time to read


I have been receiving more calls about the low end appliances and hosted spam services from other vendors starting to implement SPF records as a way to control “Spam” this is all do to the fact from my observation they do not have the quality nor diversification to controlling spam like the products you use with MspPortal (secure mail) in conjunction with our OEM Partners.

I am suggesting that you add SPF records to all your clients zone records not as an alert but as being proactive to the changing landscape of the handling of “Spam”.

What is SPF?
Sender Policy Framework, or SPF, is an authentication protocol whereby a mail server will check the SPF records for any domain it receives mail from against the IP address that the message is being transmitted from. If the sending domain has published SPF records, and the IP address(es) listed for the domain on those records does not match the IP that the email is coming from, it will reject that mail as forged.

Of course, with our inbound filtering in place, all mail appears to be coming from our IP addresses, rather than from the actual IPs of the sending domains. Since only a small percentage of domains publish SPF records, this issue only surfaces with some sending domains, but the potential impact is that any incoming message being sent by an SPF-publishing domain may be rejected.

If your mail server or server-based anti-spam software uses SPF, you should enable SPF support in our filtering service, to avoid the potential problem described above.

Can I continue to use SPF (Sender Policy Framework) on my mail server?

Yes, though you should make sure that SPF is enabled for your domain in the control panel. SPF can be enabled in the Management > Inbound Filtering > Mail Delivery area, in the SPF tab.

Can or should we establish SPF (Sender Policy Framework) records for our domain for our outbound mail?

While the use of SPF is growing and can be of some help in identifying junk mail, only a small percentage of mail servers look up SPF records when receiving email. If you do wish to establish SPF records for your domain, and you are using our service for outbound email filtering, you should add our IP addresses to your SPF record. Rather than publish our specific IP addresses which can change over time, we recommend adding the following DNS entry:

IN TXT “v=spf1 ip4:1.2.3.4 include:smtproutes.com include:smtpout.com ~all”

(In this example, 1.2.3.4 is the IP address of your mail server or the outbound IP used on or service – that should be replaced with the public IP address of your sending mail server.)

Publishing your SPF record will not decrease the amount of junk mail you receive, nor will it prevent spammers from spoofing your domain name when sending junk mail — but it will make it easier for some anti-spam solutions to determine whether email messages from your domain are actually being sent by you or not.

Folks be proactive and help your client help you be successful

Thank you for doing business with MspPortal

Roy Miehe | MspPortal.net | Ceo/President
WatchGuard Security Expert

Comments are closed.

%d bloggers like this: