Improved SPF security to stop spam from your own domain

Interestingly, despite implementing strong anti-spam measures on our platform, users still frequently receive spam messages that appear to come from their own email domain.

For instance, when the mailbox john@domain-name.com receives a spam email appearing to be sent from whatever@domain-name.com.

This raises the question, how is this happening despite the spam filters and SPF protection in place on our web hosting platform?

How do spammers utilize your email domain to send spam messages?

Typically, email sender identity is rarely verified.

It is technically impossible to stop someone from sending an email that appears to come from your email address, even if security measures are in place.

This is the normal operation of email communication.

What is the mechanism of SPF protection?

To address the issue of unreliable email sending, hosts frequently implement additional measures to further secure their client’s email accounts, such as spam filters and advanced technologies like SPF and DKIM.

By enabling SPF protection and DKIM (DomainKeys Identified Mail) on our platform, users can validate their incoming messages on the server level, determine if they are legitimate, and reject them as fake if they are not.

By targeting the source of the spam message – the mail server that sent it – SPF protection and DKIM (DomainKeys Identified Mail) offer a more advanced method of fighting spam. This is in contrast to traditional spam filters that only target the message itself.

We have been providing SPF protection and DKIM for several years now. However, even with these technologies enabled, users who are repeatedly targeted by spam continue to experience problems. To address this, we have taken steps to give these users more control over what enters their inboxes.

How to effectively utilize SPF protection against persistent spam attacks?

Starting today, users have the option to choose the level of SPF validation for their incoming emails from the Email section of the Web Hosting Control Panel.

For those who are worried about legitimate messages being blocked, a non-strict SPF checking mode is available. To activate this mode, select “Non-strict mode” from the Mode drop-down menu when setting up an SPF instance.

The recently added strict mode can also be selected from the Mode drop-down menu.

Strict mode for SPF protection

Strict mode for SPF protection is a setting that enforces strict compliance with an email domain’s SPF record.

This mode is intended for users who are frequently targeted by email fraud and want to implement stronger security measures for their inboxes.

In strict mode, incoming emails that don’t match the specified SPF record will be rejected immediately, whereas in non-strict or “softfail” mode, such emails will only be marked as potential spam and may be delivered to the recipient’s inbox based on their spam score.

The strict mode option is available for users who frequently experience email fraud, allowing them to implement stringent SPF protection for their inboxes.

The main technical difference between strict and non-strict modes is a single symbol. A non-strict (also known as “loose” or “softfail”) SPF record would look like:

“v=spf1 ip4:10.0.0.1/32 all”,

while the same record in strict mode would be:

“v=spf1 ip4:10.0.0.1/32 -all”.

The difference lies in the “/-” symbol in front of the “all” parameter.

This small syntax change has a significant impact: In non-strict mode, the “~” symbol indicates that incoming emails from a domain that does not match the SPF record will not be rejected, but rather marked as potentially spam.

The email’s spam score will then determine whether or not it reaches the recipient’s inbox. In strict mode, any incoming message that fails the mail server validation test will be rejected immediately.

 

 

Leave a Reply