2006/04/22

Sender Policy Framework (SPF)

I checked that I have not written anything in my blog about sender policy framework (SPF). Well, I'd better do so otherwise I might forget the whole concept later on. In fact, this is a service for receiving mail server to authenticate the sender in the "mail from" field. It works this way. Suppose a spammer tries to use the sender email address as xyz@aol.com, the receiving mail server will interrogate the domain records of aol.com. There is a string of text telling which IP addresses can use the domain aol.com (sender policy). The spammer will be using an IP addresses not in the domain records of aolc.com and the receiving mail server will reject the email.

The good news is that all existing DNS software packages can support additional text strings for implementing SPF. However, receiving mail servers need to be upgraded to perform the SPF interrogation.

Here below is the IP addresses that can be associated with the domain aol.com:

> set type=txt
> aol.com

Non-authoritative answer:
aol.com text = "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
aol.com text = "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"

No comments: