Are you worried about emails from your domain ending up in a spam folder somewhere? Here’s how to authenticate your domain so email servers recognise your emails as being genuinly from your domain.

Sender Policy Framework records allow domain owners to specify which hosts are allowed to send email on behalf of their domains. Normal SMTP allows any computer to send an email claiming to be from anyone. Thus, it’s easy for spammers to send emails with forged From: addresses. SPF allows a domain owner to use a special format of DNS TXT records to specify which machines or hosts are authorized to transmit email for their domain; this makes it difficult to forge From: addresses.

For example, if you own the domain example.com, you can set which hosts are authorised to send email originating from user@example.com. Your recipient’s servers will then identify the origin of your message by checking it’s SPF record.

If you’re using Google Apps, Google encourage you to publish SPF records for your domain. Having these records in place will ensure that messages sent from users in your domain are not rejected by the recipient’s domain.

To set your domain’s SPF record, you should have access to your domain’s DNS settings. On your DNS resource, publish the following TXT record:

v=spf1 include:aspmx.googlemail.com ~all

Publishing an SPF record that lacks include:aspmx.googlemail.com or specifying -all instead of ~all could result in delivery problems.

If you choose to activate the Postini features in Google Apps Premier Edition and configure Google Apps to route email to the Internet via Postini’s servers, Google suggest that you use this configuration:

v=spf1 ip4:207.126.144.0/20 ip4:64.18.0.0/20 include=_spf.google.com ~all

NOTE: You could create a SPF record using the wizard on http://old.openspf.org/wizard.htmlor The SPF Setup Wizard.

GoDaddy Example:

Some domain name sellers provide advanced tools to edit the SPF record. GoDaddy is one of them.

1. Log into GoDaddy and make your way to the Domain Control page – where you found the Add New SPF tool. Click on it.

On the 1st page, pick ISP and Other Mail and click OK.

2.  Select the Outsourced tab. In the box for Outsourced domains, type

aspmx.googlemail.com

and press OK.  You will see the message:

This is the SPF record generated based on your input:
v=spf1 include:aspmx.googlemail.com ~all

then click OK. After an hour (or more) the new settings will be live and you can test them by sending an email from your domain.

To do this send an email to check-auth@verifier.port25.com You will get a reply which should contain SPF check: pass somewhere in the message. Here are some other SPF testing tools.

See also

• How to Choose a Domain Name
• How to Buy a Domain
• Gmail Verifies Emails, Adds Key Icon
• Free DNS Services
• What Happens to Dormant Gmail Addresses?
• Web Development for Small Business
• The 10 Minute Security Check-up
• Read Your Email From Anywhere
• Move Your Old Email System to Google Apps
• Loosing Your Email Password

Posted on Tuesday, June 16th, 2009 in: Domains, Google Apps. You can leave a response, or trackback from your own site.