In order to prevent the Hotmail.com, Gmail.com, Yahoo.com and other top internet mail provider interpret all mails originate from your server to be spam and then placed it into junkmail folder, it is recommended to add SPF (Sender Policy Framework) in your zone file. The ISPs and email providers usually will check for SPF record pass to determine whether the mail originates from your IP. It is advised to configure SPF for your corporate domain to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical nuisance in e-mail spam. The most important things is this can help to prevent spammers from abusing your domain. This steps has been tested on Bind DNS server that running on linux CentOS 6.2 server.
Steps to add SPF record in Bind DNS zone on Linux server :
1. Login to your Primary DNS server, and open a DNS zone record that contain mail exchanger record (MX record). In this case, MX record for ehowstuff.local domain is mail.ehowstuff.local. The configuration is in /var/named/chroot/var/named/ehowstuff.local.
[[email protected] ~]# vim /var/named/chroot/var/named/ehowstuff.local
; ; Addresses and other host information. ; $TTL 14400 ehowstuff.local. IN SOA ns1.ehowstuff.local. admin.ehowstuff.local. ( 2012060201 ; Serial 86400 ; Refresh 7200 ; Retry 3600000 ; Expire 86400 ) ; Minimum ;A record for domain mapping domain to IP ehowstuff.local. IN A 192.168.1.44 ;Define the atleast 2 private nameservers ehowstuff.local. IN NS ns1.ehowstuff.local. ehowstuff.local. IN NS ns2.ehowstuff.local. ; Map 2 private nameservers to IP addressess using A record ns1 IN A 192.168.1.44 ns2 IN A 192.168.1.54 ; Specify subdomains if any using CNAME or alias. www IN CNAME ehowstuff.local. ftp IN CNAME ehowstuff.local. ; Mail exhanger and map it IP using A record. ehowstuff.local. IN MX 10 mail.ehowstuff.local. ; SPF Record for MX. ehowstuff.local. IN TXT "v=spf1 a mx -all"
2. Restart named service :
[[email protected] ~]# service named restart Stopping named: . [ OK ] Starting named: [ OK ]
3. You can manually check and test the Sender Policy Framework (SPF) record for a domain by using nslookup as follows:
- On windows, Open Command prompt (Start -> Run -> cmd).
- Type ‘nslookup’ and press enter.
- Type ‘set type=txt’ and press enter (This will set the query type to TXT).
- Type the domain that you would like to query (e.g. ehowstuff.local).
C:\>nslookup *** Can't find server name for address 192.168.1.44: Non-existent domain *** Default servers are not available Default Server: UnKnown Address: 192.168.1.44 > set type=txt > ehowstuff.local Server: UnKnown Address: 192.168.1.44 ehowstuff.local text = "v=spf1 a mx -all" ehowstuff.local nameserver = ns1.ehowstuff.local ehowstuff.local nameserver = ns2.ehowstuff.local ns1.ehowstuff.local internet address = 192.168.1.44 ns2.ehowstuff.local internet address = 192.168.1.54 >
On linux, run the following command :
[[email protected] ~]# host -t txt ehowstuff.local ehowstuff.local descriptive text "v=spf1 a mx -all"