
Online tool simplifies creation of SPF domain records

Many administrators are unclear on how to set up the necessary DNS records to make SPF work for e-mail sender verification. To simplify the process, Microsoft has created an online wizard. The wizard can also be used to test a given domain's DNS to see if an SPF record has already been set up for it.


For some time now, Microsoft has had an experimental standard called SPF (Sender Permitted From), which is designed to reduce spam by preventing e-mail from being sent on behalf of someone who has not granted authorization.

SPF works by adding a TXT record to the DNS entries for one's mail server; the record provides details about who (if anyone) is authorized to send e-mail on behalf of that domain.

When an SPF-aware mail server receives an e-mail, it performs a DNS lookup on the sender's address to see if an SPF record exists for it. It then compares the e-mail's headers to the SPF record to see if it indeed originated from that server. If it didn't, the recipient server can take the appropriate action (which could be anything from increasing the message's spam score to blocking it entirely).
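The check described above, as an added example that is not part of the original article: it parses a constructed SPF TXT record and decides whether a sending server's IP address is authorized. It evaluates only the `ip4`, `ip6` and `all` mechanisms; mechanisms that need further DNS lookups (`a`, `mx`, `include`) are returned as skipped. The record and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample record, as it would appear in a TXT entry for a domain.
SAMPLE_TXT = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 mx ~all"

# SPF qualifiers (RFC 7208): the prefix on a mechanism sets the result on match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Split an SPF TXT record into (qualifier, name, value) mechanisms."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    for term in terms[1:]:
        if "=" in term:
            continue  # modifier such as redirect= or exp=, not a mechanism
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = body.partition(":")
        mechanisms.append((qualifier, name.split("/")[0].lower(), value))
    return mechanisms


def check_sender(txt, sender_ip):
    """Return (result, skipped) for sender_ip evaluated against the record."""
    ip = ipaddress.ip_address(sender_ip)
    skipped = []
    for qualifier, name, value in parse_spf(txt):
        if name == "all":
            return QUALIFIERS[qualifier], skipped
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], skipped
        else:
            skipped.append(name)  # a, mx, include, ... need live DNS lookups
    return "neutral", skipped  # no mechanism matched and no "all" present


if __name__ == "__main__":
    for addr in ("192.0.2.25", "2001:db8::1", "203.0.113.9"):
        print(addr, check_sender(SAMPLE_TXT, addr))
```

A non-empty skipped list means the result is provisional: a skipped `mx` or `include` mechanism might have authorized the sender before `all` was reached.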

Controversy has swirled around the use of the standard, which Microsoft is putting into effect later this year on its Hotmail service -- any e-mail sent to Hotmail addresses that cannot be traced back to a server with an SPF record will be flagged as spam.

Not everyone agrees with this approach, and many are unclear about how to set up the needed DNS records to make it work. To simplify this, there is an online wizard that allows you to generate SPF records for a domain.

The process is fairly straightforward. You just supply the domain name for which you want to create an SPF record, and answer a few questions about how e-mail is handled in your domain. The wizard then prints out a TXT record to be added to the DNS server (this part has to be done by whoever's responsible for administering DNS).

The wizard can also be used to test a given domain's DNS to see if an SPF record has already been set up for it. If you have just registered an SPF record with your DNS server though, it may not be detected right away with this test; allow 24 hours for DNS information to propagate before checking.

Also, this record should be added to the external DNS server for your organization, which may be hosted elsewhere; adding it to a DNS server used for internal name resolution (i.e., intranet Active Directory lookups) will not work.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.
