Sender Policy Framework (SPF) - Document addressed only for customers that are NOT using Business Catalyst as hosting provider

Adobe Employee ,
Apr 03, 2013 Apr 03, 2013

Copy link to clipboard

Copied

SPF General Overview:

SPF also known as Sender Policy Framework is a protocol that help you controlling forged e-mail. SPF is not directly about stopping spam, junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't. While not all spam is forged, virtually all forgeries are spam. SPF is not anti-spam in the same way that flour is not food: it is part of the solution.

If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, since the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Since an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through.

How it works:

Let's say a spammer forges a yahoo.com address and tries to spam you. They connect from somewhere other than Yahoo.

When his message is sent, you see MAIL FROM: <forged_address@yahoo.com>, but you don't have to take his word for it. You can ask Yahoo if the IP address comes from their network.

(In this example) Yahoo publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Yahoo.

If Yahoo says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer.

This is definitely something that I want so what should I do next to have this in place?

Since you are not using Business Catalyst's hosting service you need to go to your hosting provider and create the following record:

Record name should be something like @(or enter the non-WWW domain) to map the record directly to your domain name

Record type should be TXT

Record value should be v=spf1 mx include:worldsecuresystems.com ~all

Record TTL should be 1 day (86400 seconds) - TTL represents how long the server should cache the information.

You have below links on how to add TXT records from some of the biggest hosting providers:

GoDaddy - http://support.godaddy.com/help/article/7925/adding-or-editing-txt-records

HOSTGATOR - https://support.hostgator.com/articles/specialized-help/email/problems-with-spoof-spf

BLUEHOST - https://my.bluehost.com/cgi/help/559

JUST HOST - https://my.justhost.com/cgi/help/559

TOPICS
Documentation

Views

10.2K

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
May 08, 2013 May 08, 2013

Copy link to clipboard

Copied

Is it necessary to setup the SPF records for BC clients where their email is being hosted at another provider besides Adobe BC (Google Gmail for example)...

Patrick Steil

http://www.churchbuzz.org

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
May 16, 2013 May 16, 2013

Copy link to clipboard

Copied

Hi Patrick, I had exactly the same question.  After chatting to support I thought I would post here for everyone looking for help, since the Adobe docets don't make plain the answer to the questions below...

Q: Is it necessary where emails are externally hosted? (i.e. DNS is external)

A: Yes, you must add the SPF record if it does't already exist AND you must add the TXT record

Q: Why is this necessary?

A: "This will make sure the system emails from BC are considered as legitimate emails" for "...any system emails, workflows, invoices, or any other emails" going out from the system.

Q: Will it interfere with the 3rd party email resource

A: I don't know. I hope not.

Best

Wayne

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 22, 2013 Jul 22, 2013

Copy link to clipboard

Copied

Thank you for this guide, Andrei.  It's very helpful.  I created a very long SPF record using Microsoft's SPF Wizard here:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Here is my new SPF record:

v=spf1 mx ip4:54.236.189.64 mx:mx1.emailsrvr.com mx:mx2.emailsrvr.com a:worldsecuresystems.com include:emailsrvr.com include:worldsecuresystems.com ~all

The client hosts their domain name at their registrar (Network Solutions).  Adobe calls this an Externally Hosted DNS. 

This client has a Business Catalyst site at the North American data center and we regularly use BC's integrated Email Marketing system to send emails to clients. 

[I do notice that AOL clients always return a hard bounce when emails goes out from the BC Email Marketing system.]

We also use a third-party provider for email services--a company called Rackspace.com.  For a long time, I only included Rackspace's domain (include:emailsrvr.com ~all) as an authority for sending emails for "XYZ-company.com".  I recently changed the SPF record to the one seen above.  I think I have identified all the servers, domains and IPs that are used to generate email related to "XYZ-company.com".

My main concern is to ensure that BC's Email Marketing system is seen as a valid sending domain / IP address for my client's domain name.

Thank you in advance for your help and expertise in this most confusing issue.  In the future, I'm going to encourage clients to use BC's name servers.

Warm Regards,

-- Abel Anderson

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 22, 2013 Jul 22, 2013

Copy link to clipboard

Copied

I found a much easier SPF generator to use:  http://spfwizard.com .  It's much less complicated than Microsoft's SPF Wizard.

It kicked out this much lighter SPF record:

v=spf1 mx a include:emailsrvr.com include:worldsecuresystems.com ~all

I was able to logon with Adobe BC Support Chat and confirm that the "include:worldsecuresystems.com" is sufficient to cover all IP address used to send emails by the Business Catalyst Email Marketing platform.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 09, 2014 Jul 09, 2014

Copy link to clipboard

Copied

LATEST

I came here looking for answers to this question. I thought I may have to post the question...but there is no need to do so now. The answer by befree above is exactly what I needed...Thanks everybody.

- Mark Capstone

<link removed - kglad>

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines