June 23rd, 2010

Better Forged Email Filtering with Improved SPF Support

It is an extremely common and annoying practice of spammers to send you email that is from yourself or your colleagues or friends.  I.e. “forged email”.  We discuss this problem in the article: Save Yourself From “Yourself”: Stop Spam From Your Own Address.

Users of LuxSci’s Premium Email Filtering service now have a new and very powerful weapon to stop this kind of spam — “SPF-enabled allow list entries”.

This feature allows you to easily receive protection from forged spam messages while at the same time ensuring that legitimate messages sent between users in your organization are not filtered or caught as spam.

How do SPF-enabled allow-list entries work?

First, you need to make sure that your domains and any other domains that you are interested in protecting in this way have an “SPF Entry” in their DNS.

SPF (Sender Policy Framework) is a way to specify in DNS exactly which servers are allowed to send email for a domain; email recipients can use this information to determine if an email message is forged and thus Spam.

If you are an existing customer and you would like an SPF record added to your domain, please make a support ticket and indicate if there are any other servers, other than LuxSci’s, from which email from your domain may legitimately originate.

If you are a LuxSci customer with access to edit your own DNS settings, you can add “include:luxsci.com” to your SPF record to allow email to be sent from your domain from any of LuxSci services.

Once this feature is enabled for these domains:

  1. All email sent from any server allowed by your SPF record will be passed though with no filtering (except for virus filtering)
  2. All email sent purporting to be from these domains, but from a server not covered by their SPF records, will be filtered as usual.

This means:

  • Email sent between users in your organization will be delivered without being filtered
  • Forged email will be filtered
  • Adding your domain to your own Allow List no longer subjects you to the possibility of receiving spam forged to be from you.

How do I enable this feature?

First, ensure that the domain(s) that you wish to enable this feature for have SPF records.

Next, login to your Premium Email Filtering management console and, under the “Email Protection > Policies > Allow/Deny” area:

  • Make sure that your domain and any other domains that you often receive email from and which have SPF records for are added to your “Allow List”.
  • Select each of of these domains, in turn, and click on “Add SPF”.
  • Click on “Save”

If you would like assistance setting this up, please make a support ticket in your LuxSci account and we will help you.  Please let us know what domain names you would like to protect in this way.

What about just explicitly allow listing my mail server?

Previous to the release of this new feature, you could solve the problem by:

  • Allow listing the IP address(es) of your mail server(s) and any other servers that would send email for your domain.

This has the same effect as the new SPF-enabled allow list feature.  However, the SPF-enabled allow list feature is superior in that:

  • You control the list of allowed servers using centrally managed SPF DNS records.
  • SPF records are standard and public and can be used by others for determining the legitimacy of messages purporting to be sent from your domain.
  • Often, even if your assigned server IP addresses change, your SPF records will remain the same and thus no change would be needed to your filtering settings (i.e. this is the case for email hosting customers of LuxSci).
  • It is easy to specify large numbers of servers dynamically and recursively using SPF, making the setup and configuration process “a snap”.

Leave a Comment

You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.