" dns Archives - LuxSci

Posts Tagged ‘dns’

Improve Email Deliverability by Setting Up SPF Records

Thursday, May 25th, 2023

Recently, Gmail changed its email acceptance policies to reject emails from sending domains without SPF or DKIM records. If they can’t be sure a message originated from an authorized server, it may end up in the spam folder. Setting up SPF records is one way to improve email deliverability, prevent spoofing, and keep your emails out of the spam folder.

email spf records

What are SPF Records?

SPF stands for Sender Policy Framework. SPF allows administrators to specify exactly which servers are allowed to send emails on behalf of a domain by adding a record to the domain name settings (DNS). When an email is sent to another service provider, like Gmail, they compare the sender’s IP address to the SPF record. The email will only be delivered to the inbox if the record lists the correct server address. If the server is not listed, the email service provider assumes the message is forged and may send it to spam.

SPF records are primarily used to stop forged emails. Setting up SPF records for your sending IP addresses will prevent spammers from using your domain as their “From” sending address. For example, say your company domain is “trial.com,” and your SPF record correctly identifies your sending server’s IP address. Any messages you send will be verified as coming from your organization and will be delivered. When spammers try to use trial.com as their sending domain, the mail service provider will compare their IP address to your SPF record. When they do not match, the message will be flagged as suspicious.

However, SPF records do not prevent spammers from using other tactics to infiltrate your inbox. They could set up a similar domain like “trail.com” and set up SPF records for that domain to avoid scrutiny. SPF should be used in conjunction with other security measures like DKIM and DMARC to increase deliverability and protect your sending domains.

How to Set Up SPF Records

You must work with the domain owner or administrator to set up an SPF record. First, you need to collect all of the IP addresses that your organization uses to send email. Then, you will need access to your domain settings to add the SPF record. Whoever manages your domain name and web hosting can help you add the record. If you have further questions about how to improve your email deliverability, please don’t hesitate to reach out to the LuxSci support team.

Interview with Mark Jeftovic, CEO of easyDNS

Friday, July 24th, 2015

LuxSci has been partnered with easyDNS to provide DNS and domain registration services to its customers since 1999. Due to our sales volume, we have an “Enterprise DNS” portal that both LuxSci Support and its clients can access to manage their domains. LuxSci has stuck with easyDNS for all of these years due to their excellent support, the high quality of the DNS services, and the friendly and helpful attitude of easyDNS management. LuxSci also believes that by partnering with easyDNS, we are able to provide our clients with the best and most robust DNS services available. This is mission critical, because if your DNS is down, so is your business.

Read the rest of this post »

Stopping Forged Email 3: DMARC to the Rescue

Monday, March 2nd, 2015

DMARCIn our previous two posts in this series, we examined how SPF and DKIM can help limit forged email messages by looking at the IP address and validating if the message was sent by an approved server based on digitally signed messages. We found that while SPF and DKIM can work, they have significant limitations that cause them to be insufficient to stop forgeries in many cases.

However, SPF and DKIM address the forgery problem in different but often complementary ways. For this reason, many organizations use both technologies.

Suppose you are using both technologies and can control where your domain’s messages are coming from. In that case, you can step up your game using DMARC, Domain-based Message Authentication, Reporting, and Conformance.

Read the rest of this post »

Stopping Forged Email 2: DKIM to the Rescue

Monday, February 23rd, 2015

DKIMIn our last post in this series, we examined how SPF can be used to help weed out forged email messages by validating if a message was sent from an approved server by looking at the IP address delivering the email message. While SPF can work, it has many significant limitations that cause it to fall far short of being a panacea.

So — besides looking at the sending server IP address — what else can we do to determine if a message was forged?

It turns out that there is another way. By using encryption techniques and digital signatures, the sender’s servers can transparently “sign” a message in a way that you can verify upon receipt. This is called DKIM.

DKIM – Domain Keys Identified Mail: A Simple Explanation

DKIM stands for “Domain Keys Identified Mail.” This stands for “Domain-wide validation Mail Identity through use of cryptographic Keys.” To understand DKIM, we need to pause and look at what we mean by “cryptographic keys” and how they can be used.

Read the rest of this post »

Stopping Forged Email 1: SPF to the Rescue

Tuesday, February 17th, 2015

SPFWe have recently looked at how hackers and spammers can send forged emails and then seen how these forged messages can be almost identical to legitimate messages from the purported senders. We learned that generally, all you can trust in an inbound email message is the internet IP address of the server talking to your inbound email server. This cannot realistically be forged in any way that would still enable you to receive the message.

We know who the message is from and the server’s address that delivered it to us. How can we reliably prevent fraud by checking if the message was forged or not? Seems hard.

It turns out that a number (yes, more than one!) of techniques can be used to do this. The first and simplest is SPF – Sender Policy Framework. Below, we shall look at what this does, how it works, how to set it up, and what some of its deficiencies are. In future articles, we will look at the other techniques.

Sender Policy Framework: A Super Simple Explanation

Simply put, SPF is a way for the owner of a domain, such as bankofamerica.com, to publish information indicating what servers (internet addresses) are authorized to send email from that domain. Recipients (e.g., your spam filtering software) can check the internet address that is trying to send you an email from bankofamerica.com against this authorization list- if it is on it, the message is probably legitimate; if not, it’s probably forged.

Read the rest of this post »