Use SPF protection to stop SPAM from your own domain

Security is our top priority, and we regularly upgrade the protection of the web hosting platform to keep it up to date. Even so, we’ve received reports that some of our users get spam e-mail messages from time to time. What’s even more disturbing, some of these messages appear to have been sent from their own domains, such as a spam message from whatever@domain-name.com received in their inbox and seemingly sent by their domain, john@domain-name.com.

Below, we will explain how this could happen, regardless of the lack of security glitches and the efficient spam filters that we provide. We’ll also advise you how to use the SPF protection optimally in order to minimize or fully prevent spam.

How do spammers manage to use your email address domain to send spam?

Spammers take advantage of two basic imperfections of e-mail exchange. First, unless you take due measures, the validation of an e-mail sender’s identity is insufficient. It’s not really that strict, so spam often makes it through. Second, whatever the measures, there is no technical way to prevent someone from sending you unwanted messages, especially if they are skillfully disguised to look like they were sent from your own e-mail address.

How does SPF protection work?

In order to minimize the aforementioned fundamental e-mail exchange disadvantages, web hosting providers worldwide take special measures. These include various spam filters and electronic mail validation software.

To efficiently prevent spam, we use advanced SPF protection and DKIM (DomainKeys Identified Mail). This allows our users to verify whether their incoming messages are authorized or fraudulent at the server level. Thus, most of the spam is stopped before it can even reach your mailbox.

We believe that what we offer you is more efficient than regular spam filters, which can be easily deceived. SPF and DKIM (DomainKeys Identified Mail) are aimed at the very source of every spam message – the mail server. They have both been standard on our advanced platform for the past several years.

Still, there are users who become subject to persistent spam attacks. This means that they can experience problems even after having enabled SPF validation for all of their inbound emails. Listed below are the additional measures that we’ve taken in order to stop this. Basically, what you need to do is control your mailboxes more strictly.

How to use SPF protection efficiently during persistent spam attacks?

From today, you will be able to select the level of SPF validation for your inbound e-mail flow. You can do this from the Email area of the Web Hosting Control Panel.

If you are afraid that you might miss some valid messages, use the non-strict SPF checking mode.

The ‘Non-strict mode’ is available in the Mode drop-down menu when you are creating an SPF instance.

The brand new ‘Strict mode’ that we’ve just added can also be activated from the Mode drop-down menu.

In brief – our new ‘Strict mode’ makes it possible for people who are subject to multiple spam attacks and e-mail forgery to activate super-tight SPF protection for their mailboxes. In technical terms, the basic difference between the strict and the non-strict mode is a single symbol.

An SPF record, also known as ‘loose’ or ‘softfail’, looks like this when non-strict mode is used:

v=spf1 ip4:10.0.0.1/32 ~all

Here is the very same record in strict mode:

v=spf1 ip4:10.0.0.1/32 -all

The only difference between the records above is the symbol (‘~’ or ‘-’) positioned in front of the ‘all’ parameter. This may seem like a rather insignificant difference, but it actually isn’t.

When using the non-strict mode, which includes the ‘~’ symbol, inbound e-mail messages that don’t match the SPF record of the domain they claim to be sent from will not be rejected. Instead, they will be marked as potential spam. This means that a particular message’s spam score is what will determine whether or not it will show up in your mailbox.

When using the strict mode with the ‘-’ symbol, inbound e-mail messages that don’t match the SPF record of the domain they claim to be sent from will be rejected right away.
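The effect of that single symbol can be checked with a small evaluator. This is an added example, not the hosting platform's code: it handles only the ip4, ip6 and all mechanisms, the outside address 203.0.113.25 is a constructed sample, and the actions for results other than softfail and fail are assumptions.

```python
import ipaddress

# Qualifier in front of a mechanism -> SPF result (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Receiver behaviour. softfail/fail follow the article; the rest are assumptions.
ACTIONS = {
    "pass": "accept",
    "softfail": "accept, mark as potential spam",
    "fail": "reject",
    "neutral": "accept",
    "none": "accept",
}

NON_STRICT = "v=spf1 ip4:10.0.0.1/32 ~all"  # record from the article
STRICT = "v=spf1 ip4:10.0.0.1/32 -all"      # record from the article


def evaluate_spf(record, sender_ip):
    """Return the SPF result for sender_ip (ip4/ip6/all mechanisms only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a symbol means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]  # catch-all: where ~ and - differ
        if name.lower() not in ("ip4", "ip6"):
            raise ValueError(f"mechanism not covered here: {term}")
        network = ipaddress.ip_network(value, strict=False)
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all' term


def receiver_action(record, sender_ip):
    """Pair the SPF result with what the receiving server does."""
    result = evaluate_spf(record, sender_ip)
    return result, ACTIONS[result]


if __name__ == "__main__":
    for record in (NON_STRICT, STRICT):
        for ip in ("10.0.0.1", "203.0.113.25"):  # authorized host, outsider
            print(record, ip, receiver_action(record, ip))
```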

SPF protection in strict mode – an example from practice

A good example of how strict SPF verification works in practice is an e-mail message which a customer of ours received from a source identified as facebookmail.com. Although it seemed legitimate at first glance, the message was blocked instantly. The reason is that facebookmail.com uses strict SPF settings so that it can prevent anyone from using its domain for e-mail spoofing.

As recorded in our system:

2016-03-30 09:57:13 H=mail1485.netcetera.co.uk [81.27.104.205] F=<notification+p1cc6h=e@facebookmail.com> rejected RCPT <mail@XXXXXXXX.co.uk>: [SPF] Sender host (81.27.104.205) is not authorized to send mail from facebookmail.com. Please see https://www.openspf.org/Why?id=notification+p1cc6h=e@facebookmail.com&ip=81.27.104.205

Needless to say, if Facebookmail.com used non-strict SPF protection, this spam wouldn’t have been identified and would have achieved its purpose.
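Rejections like the one logged above can be reviewed in bulk to see which domains are being forged and from which hosts. The following is an added example, not part of the original article or the platform's tooling: it assumes log lines in the format shown above, the first sample line is the article's entry shortened after the SPF message, and the remaining lines are constructed.

```python
import re
from collections import Counter

# Matches the [SPF] rejection line format shown in the article.
SPF_REJECT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?P<helo>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: \[SPF\]"
)

# Line 1 is from the article (shortened); lines 2-4 are constructed samples.
SAMPLE_LOG = """\
2016-03-30 09:57:13 H=mail1485.netcetera.co.uk [81.27.104.205] F=<notification+p1cc6h=e@facebookmail.com> rejected RCPT <mail@XXXXXXXX.co.uk>: [SPF] Sender host (81.27.104.205) is not authorized to send mail from facebookmail.com.
2016-03-30 10:02:41 H=relay.example.net [203.0.113.25] F=<john@example.com> rejected RCPT <john@example.com>: [SPF] Sender host (203.0.113.25) is not authorized to send mail from example.com.
2016-03-30 10:02:44 H=relay.example.net [203.0.113.25] F=<sales@example.com> rejected RCPT <john@example.com>: [SPF] Sender host (203.0.113.25) is not authorized to send mail from example.com.
2016-03-30 10:05:00 H=mx.example.org [198.51.100.7] F=<news@example.org> rejected RCPT <nobody@example.com>: Unknown user
"""


def parse_spf_rejections(text):
    """Return one dict per [SPF] rejection line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        match = SPF_REJECT.match(line)
        if match:
            hit = match.groupdict()
            hit["sender_domain"] = hit["sender"].rpartition("@")[2].lower()
            hit["rcpt_domain"] = hit["rcpt"].rpartition("@")[2].lower()
            hits.append(hit)
    return hits


def summarize(hits):
    """Count rejections per (claimed sender domain, connecting IP)."""
    return Counter((h["sender_domain"], h["ip"]) for h in hits)


def own_domain_spoofs(hits):
    """Rejections where the claimed sender domain is the recipient's own."""
    return [h for h in hits if h["sender_domain"] == h["rcpt_domain"]]


if __name__ == "__main__":
    rejected = parse_spf_rejections(SAMPLE_LOG)
    for (domain, ip), count in summarize(rejected).most_common():
        print(f"{count:3d}  {domain:20s} from {ip}")
    print("own-domain forgeries:", len(own_domain_spoofs(rejected)))
```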

As a result of the recent upgrades to the SPF protection, our platform is safer than ever! More importantly, now you and all your reseller hosting customers can exert tighter control over your e-mail accounts and minimize any kind of spam.

Do not hesitate to popularize this e-mail safety feature among your customers.


