
“My First "Sender Policy Framework" DNS Record”

From: Seth Dillingham
In Response To: Top of Thread
Date Posted: Tuesday, October 12, 2004 10:29:18 AM
Replies: 2
Enclosures: None.

This morning, I set up my first Sender Policy Framework (SPF) record for one of the domains hosted by Macrobyte.

SPF is a new type of DNS record designed to prevent (or at least limit) email spoofing. Basically, Server B receives an email from Server A, and Server A says the mail is from yourname@yourdomain.com. Server B checks the DNS for yourdomain.com to see whether Server A is allowed to send email for yourdomain.com. If it is, great. If not, it's considered a spoof (what happens from there is probably up to the administrator of Server B).

The SPF wizard makes it easier than it would have been otherwise, but it's still a huge pain in the butt. It's made especially difficult by the fact that all of the domains we host have mail sent through the clients' home ISPs. The names of those ISPs, or any other domain through which a client might send a legitimate email that appears to come from the domain we host (got that?), must all go into the SPF record. In other words, if I host your domain foo.com, and you occasionally send mail from yourname@yourdomain.com through your ISP's mail server (which Earthlink, for example, actually requires), then I have to list that ISP in the SPF record.

If Macrobyte's DNS servers are going to include SPF records for all of the domains they host, then we have two choices: talk to every single client and work out a list of domains through which they might send email for the domain we host, or we can create a form for them to fill out so they can basically do it themselves.

With the latter route, of course, we then need to contact most of the clients who use it to correct the mistakes they'll inevitably make. This isn't their fault, though... most people understand literally NOTHING about the domain name system. I can't even imagine how I could explain what I need from them in a general way which will "click" with the average Joe, never mind allow them to fill out a web form with the information I need.

In the end, I'm probably going to start with the most technically adept clients, and work from there. One client at a time. Perhaps it will become easier as I gain experience, and I'll find the right way to ask the right questions.
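
The check described above (Server B looking up the sender's domain, and the need to list a client's ISP), as an added example that is not part of the original post. It is a simplified evaluator covering only the `ip4`, `include` and `all` mechanisms; the domains, addresses and the in-memory `TXT` table standing in for DNS are all constructed.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (hypothetical names/addresses).
TXT = {
    # Hosted domain that lists its own server AND the client's ISP.
    "yourdomain.example": "v=spf1 ip4:192.0.2.10 include:isp.example -all",
    # Same hosted setup, but the ISP was never added to the record.
    "nolist.example": "v=spf1 ip4:192.0.2.10 -all",
    # The ISP's own policy covering its outbound mail servers.
    "isp.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, depth=0):
    """Return the SPF result for sender_ip claiming to send mail for domain."""
    if depth > 10:  # guard against include loops
        return "permerror"
    terms = TXT.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the included policy itself says "pass"
            matched = check_spf(sender_ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism not covered by this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "yourdomain.example"),
                    ("198.51.100.25", "yourdomain.example"),
                    ("198.51.100.25", "nolist.example"),
                    ("203.0.113.5", "yourdomain.example")]:
        print(f"{ip:15} {dom:20} -> {check_spf(ip, dom)}")
```

The third case is the one the post worries about: mail the client legitimately relays through the ISP fails once the hosted domain publishes a record that omits the ISP.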


TruerWords
is Seth Dillingham's
personal web site.
More than the sum of my parts.