In order to prevent the Hotmail.com, Gmail.com, Yahoo.com and other top internet mail provider interpret all mails originate from your server to be spam and then placed it into junkmail folder, it is recommended to add SPF (Sender Policy Framework) in your zone file. The ISPs and email providers usually will check for SPF record pass to determine whether the mail originates from your IP. It is advised to configure SPF for your corporate domain to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical nuisance in e-mail spam. The most important things is this can help to prevent spammers from abusing your domain. This steps has been tested on Bind DNS server that running on linux CentOS 6.2 server.
Steps to add SPF record in Bind DNS zone on Linux server :
1. Login to your Primary DNS server, and open a DNS zone record that contain mail exchanger record (MX record). In this case, MX record for ehowstuff.local domain is mail.ehowstuff.local. The configuration is in /var/named/chroot/var/named/ehowstuff.local.
[root@ns1 ~]# vim /var/named/chroot/var/named/ehowstuff.local
;
; Addresses and other host information.
;
$TTL 14400
ehowstuff.local. IN SOA ns1.ehowstuff.local. admin.ehowstuff.local. (
2012060201 ; Serial
86400 ; Refresh
7200 ; Retry
3600000 ; Expire
86400 ) ; Minimum
;A record for domain mapping domain to IP
ehowstuff.local. IN A 192.168.1.44
;Define the atleast 2 private nameservers
ehowstuff.local. IN NS ns1.ehowstuff.local.
ehowstuff.local. IN NS ns2.ehowstuff.local.
; Map 2 private nameservers to IP addressess using A record
ns1 IN A 192.168.1.44
ns2 IN A 192.168.1.54
; Specify subdomains if any using CNAME or alias.
www IN CNAME ehowstuff.local.
ftp IN CNAME ehowstuff.local.
; Mail exhanger and map it IP using A record.
ehowstuff.local. IN MX 10 mail.ehowstuff.local.
; SPF Record for MX.
ehowstuff.local. IN TXT "v=spf1 a mx -all"
2. Restart named service :
[root@ns1 ~]# service named restart Stopping named: . [ OK ] Starting named: [ OK ]
3. You can manually check and test the Sender Policy Framework (SPF) record for a domain by using nslookup as follows:
- On windows, Open Command prompt (Start -> Run -> cmd).
- Type ‘nslookup’ and press enter.
- Type ‘set type=txt’ and press enter (This will set the query type to TXT).
- Type the domain that you would like to query (e.g. ehowstuff.local).
C:\>nslookup
*** Can't find server name for address 192.168.1.44: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.1.44
> set type=txt
> ehowstuff.local
Server: UnKnown
Address: 192.168.1.44
ehowstuff.local text =
"v=spf1 a mx -all"
ehowstuff.local nameserver = ns1.ehowstuff.local
ehowstuff.local nameserver = ns2.ehowstuff.local
ns1.ehowstuff.local internet address = 192.168.1.44
ns2.ehowstuff.local internet address = 192.168.1.54
>
On linux, run the following command :
[root@centos62 ~]# host -t txt ehowstuff.local ehowstuff.local descriptive text "v=spf1 a mx -all"