Web Hosting Articles

  Home arrow Web Hosting Articles arrow Page 4 - SPF: Its Functionality and How To Use ...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

SPF: Its Functionality and How To Use It On Your Server
By: Michael Swanson
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 5

    Table of Contents:
  • SPF: Its Functionality and How To Use It On Your Server
  • SPF Basics
  • Setting Up an SPF Record
  • Implementing SPF on Your Server of Email Client

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    SPF: Its Functionality and How To Use It On Your Server - Implementing SPF on Your Server of Email Client

    (Page 4 of 4 )

    Currently, many MTAs support SPF lookups.  Some servers, like CommuniGate Pro, have SPF functionality built in to the MTA and only need to have a configuration option changed.  For other servers, such as Sendmail, Qmail, and Courier, the server administrator must install the SPF C libraries and then patch the server to support SPF.  The proper way for SPF lookups to be implemented is for them to be done by the SMTP server at the time of receiving an email.  Most servers will cache SPF records to help streamline the mail delivery process.  In order to add support, the server admin must first download and install libspf2, the C library that provides actual programmatic support for the “check_host()” function defined in the SPF specification. 

    To install SPF functionality into Sendmail, it is easiest to set SPF up as a custom mail filter, also called a “milter.”  Some good instructions can be found at: http://www.acme.com/software/spfmilter.  Basically, the process consists of compiling and installing the SPF library, editing the Sendmail configuration file to use the SPF milter and then editing the server startup configuration to start the milter automatically. 

    There are also implementations available for SPF on Microsoft Exchange.  There is a plugin filter available from the libspf2 website for Exchange, as well as a commercial implementation available in the GFI MailEssentials package (http://www.michaelbrumm.com/smtpspffilter.html). 

    If you don’t run your own server or your server admin can’t or won’t install SPF functionality, there is a plugin available for Thunderbird that does SPF checks on the client side.  This plugin will check email messages you’ve downloaded and add a line above the header information notifying you if the message appears to be verified or not.  In some ways, this is a particularly useful tool as it notifies the user at the point of interaction with the email system whether or not a message is legitimate. 


    SPF could be a powerful tool in combating junk and unauthorized email.  Because of the basically trusting nature of the email system, phishing attacks have particular potency, especially against inexperienced or unknowledgeable users.  In addition, the consequences of successful phishing attacks are devastating.  SPF can help weed out and warn users when a particular message seems illegitimate.  Unfortunately, SPF records are relatively rare in current DNS set-ups.  It is imperative that more server administrators and domain owners publish this information in order to combat the flood of unauthorized email in our inboxes. 

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.


    - Top Wordpress Plugins for SEO
    - Top Drupal Evaluation and Rating Modules
    - Free Network Monitoring Programs for Max Per...
    - E-store Hosting: Free Options for Beginners
    - Dropbox: The Ultimate File-Sharing and Synci...
    - Reviewing the Best Free Web Hosting Sites
    - Businesses Turn to Reseller Web Hosting for ...
    - Multiple Data Center Hosting
    - Web Hosting Goes Green
    - Web Hosting Technology Overview
    - Collaborate: An Examination of Tools for Gro...
    - Social Networking Security
    - Domain Names 101
    - Top Software to Help Manage Your Websites
    - The Evolution of Phishing

    Developer Shed Affiliates


    © 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap