[K12OSN] OT: just reduced spam by 95% with Free Software
Vince Callaway
vince at totalsense.com
Wed Jan 31 16:12:30 UTC 2007
On Mon, 2007-01-29 at 07:23 -0600, Burke Almquist wrote:
> I've been using dns blacklists for a while, but I've never gotten SPF
> checking setup. How did you set that up?
There are two parts to implementing SPF. The first is easy and everyone
should do it. A DNS record tells the world where email from a given
domain should originate from. You can go to http://www.openspf.org/ for
info an setting it up. There is a tool to generate the txt record for
you.
The entry for my domain is simple: "v=spf1 a include:centurytel.net
~all"
Mine shows centrytel.net as the only host mail should originate from.
Since I'm on a dynamic IP my server uses my isp mailserver as a
smarthost.
Implementing spf checking is different for every mail system. Since I'm
using qmailtoaster ( http://www.qmailtoaster.com ) spf checking was part
of the package. I have mine system setup for a hard reject on spf
failure.
If inbound mail is relayed through another server spf will break. There
is yet another protocol that has to be setup called SRS. It does a
header rewrite to show the path the mail took to get to you. That is
now part of qmailtoaster but I've not implemented it on my system yet.
I am acting as a mail filter for a couple of friends who use hosting
services with no filters. Since their servers don't check anything SRS
has not become an issue yet.
I will tell you that mailing lists break just about every checking
protocol. SRS would fix some of that if the list servers used it. I
had to setup a special entry for this list because the list server
software hoses several anti-spam checks.
More information about the K12OSN
mailing list