Sender Policy Framework (SPF) - Document addressed only for customers that are NOT using Business Catalyst as hosting provider

Report · Apr 03, 2013

SPF General Overview:

SPF also known as Sender Policy Framework is a protocol that help you controlling forged e-mail. SPF is not directly about stopping spam, junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't. While not all spam is forged, virtually all forgeries are spam. SPF is not anti-spam in the same way that flour is not food: it is part of the solution.

If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, since the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Since an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through.

How it works:

Let's say a spammer forges a yahoo.com address and tries to spam you. They connect from somewhere other than Yahoo.

When his message is sent, you see MAIL FROM: <forged_address@yahoo.com>, but you don't have to take his word for it. You can ask Yahoo if the IP address comes from their network.

(In this example) Yahoo publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Yahoo.

If Yahoo says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

This is definitely something that I want so what should I do next to have this in place?

Since you are not using Business Catalyst's hosting service you need to go to your hosting provider and create the following record:

Record name should be something like @(or enter the non-WWW domain) to map the record directly to your domain name

Record type should be TXT

Record value should be v=spf1 mx include:worldsecuresystems.com ~all

Record TTL should be 1 day (86400 seconds) - TTL represents how long the server should cache the information.

You have below links on how to add TXT records from some of the biggest hosting providers:

GoDaddy - http://support.godaddy.com/help/article/7925/adding-or-editing-txt-records

HOSTGATOR - https://support.hostgator.com/articles/specialized-help/email/problems-with-spoof-spf

BLUEHOST - https://my.bluehost.com/cgi/help/559

JUST HOST - https://my.justhost.com/cgi/help/559

Report · May 08, 2013

Is it necessary to setup the SPF records for BC clients where their email is being hosted at another provider besides Adobe BC (Google Gmail for example)...

Patrick Steil

http://www.churchbuzz.org

Report · May 16, 2013

Hi Patrick, I had exactly the same question. After chatting to support I thought I would post here for everyone looking for help, since the Adobe docets don't make plain the answer to the questions below...

Q: Is it necessary where emails are externally hosted? (i.e. DNS is external)

A: Yes, you must add the SPF record if it does't already exist AND you must add the TXT record

Q: Why is this necessary?

A: "This will make sure the system emails from BC are considered as legitimate emails" for "...any system emails, workflows, invoices, or any other emails" going out from the system.

Q: Will it interfere with the 3rd party email resource

A: I don't know. I hope not.

Best

Wayne

Report · Jul 22, 2013

Thank you for this guide, Andrei. It's very helpful. I created a very long SPF record using Microsoft's SPF Wizard here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Here is my new SPF record:

v=spf1 mx ip4:54.236.189.64 mx:mx1.emailsrvr.com mx:mx2.emailsrvr.com a:worldsecuresystems.com include:emailsrvr.com include:worldsecuresystems.com ~all

The client hosts their domain name at their registrar (Network Solutions). Adobe calls this an Externally Hosted DNS.

This client has a Business Catalyst site at the North American data center and we regularly use BC's integrated Email Marketing system to send emails to clients.

[I do notice that AOL clients always return a hard bounce when emails goes out from the BC Email Marketing system.]

We also use a third-party provider for email services--a company called Rackspace.com. For a long time, I only included Rackspace's domain (include:emailsrvr.com ~all) as an authority for sending emails for "XYZ-company.com". I recently changed the SPF record to the one seen above. I think I have identified all the servers, domains and IPs that are used to generate email related to "XYZ-company.com".

My main concern is to ensure that BC's Email Marketing system is seen as a valid sending domain / IP address for my client's domain name.

Thank you in advance for your help and expertise in this most confusing issue. In the future, I'm going to encourage clients to use BC's name servers.

Warm Regards,

-- Abel Anderson

Report · Jul 22, 2013

I found a much easier SPF generator to use: http://spfwizard.com . It's much less complicated than Microsoft's SPF Wizard.

It kicked out this much lighter SPF record:

v=spf1 mx a include:emailsrvr.com include:worldsecuresystems.com ~all

I was able to logon with Adobe BC Support Chat and confirm that the "include:worldsecuresystems.com" is sufficient to cover all IP address used to send emails by the Business Catalyst Email Marketing platform.

Report · Jul 09, 2014

I came here looking for answers to this question. I thought I may have to post the question...but there is no need to do so now. The answer by befree above is exactly what I needed...Thanks everybody.

- Mark Capstone

Adobe Community

Sender Policy Framework (SPF) - Document addressed only for customers that are NOT using Business Catalyst as hosting provider