I set up SPF records for 4 domains 4 days ago. An SPF (Sender Policy Framework) record “is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses” (Wikipedia).
Since we’re using a Media Temple DV server, I followed their guidelines (which they’ve since updated with a correct link to an SPF wizard, btw – the old wizard link didn’t work, so they helped me on the phone, which was great).
On diamedia.net I was getting about 5-10 spoofed emails a day (emails that appear to be coming from your own domain, i.e. accounting @ diamedia.net etc.). On the other domains, about 3 a day. But some days it could be higher.
How long does the SPF record transition take?
DNS records take about 24-48 hours to update. I’ve always thought this was exaggerated; however, I was looking at it through the lens of how long it takes local servers to update after switching hosts, for example. I was never thinking about servers in Russia or Italy.
I set up a temporary folder in my email and moved these emails into it manually to keep track.
Day 1: 8 spoofed emails
Day 2: 5 spoofed emails
Day 3: 1 spoofed email
Day 4: 1 spoofed email
So, it appears to be working. I used a soft-fail (accept and tag any non-compliant mail), which is different than a hard-fail (bounce any mail that doesn’t comply), so this is how the Day 3 and Day 4 emails are getting through. Actually, the Day 4 email used Google servers, and I have set up the record to allow Google to be a mail server. I might switch this.
[ v=spf1 a:example.com/20 include:_spf.google.com ~all ]
I also will probably switch to a hard-fail once I am 100% sure about what this entails.
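To make the soft-fail versus hard-fail difference concrete, here is an added example (not part of the original post) that evaluates the record above, with ~all and with -all, against a few sender addresses. The DNS answers are constructed stand-ins using documentation IP ranges, the function name check_spf is hypothetical, and only the a, ip4, include and all mechanisms are handled.

```python
import ipaddress

# Constructed stand-ins for DNS answers so the example runs offline.
# Addresses are documentation ranges, not real Media Temple or Google hosts.
A_RECORDS = {"example.com": ["192.0.2.10"]}
TXT_SPF = {"_spf.google.com": "v=spf1 ip4:198.51.100.0/24 ~all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, domain="example.com", depth=0):
    """Evaluate the a, ip4, include and all mechanisms against a sender IP."""
    terms = record.split()
    if depth > 10 or not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        body, _, prefix = term.partition("/")
        name, _, arg = body.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(f"{arg}/{prefix or 32}", strict=False)
        elif name == "a":
            # The prefix widens each A record to its whole surrounding block.
            matched = any(
                ip in ipaddress.ip_network(f"{addr}/{prefix or 32}", strict=False)
                for addr in A_RECORDS.get(arg or domain, []))
        elif name == "include":
            inner = check_spf(TXT_SPF.get(arg, ""), sender_ip, arg, depth + 1)
            if inner == "permerror":
                return "permerror"
            matched = inner == "pass"        # only a pass from the include counts
        else:
            return "permerror"               # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched, no "all" term

SOFT = "v=spf1 a:example.com/20 include:_spf.google.com ~all"  # record from the post
HARD = SOFT.replace("~all", "-all")                            # hard-fail variant

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.9.1", "198.51.100.7", "203.0.113.5"):
        print(ip, check_spf(SOFT, ip), check_spf(HARD, ip))
```

The third address shows that mail sent from the included provider's ranges passes under either policy, which is consistent with the Day 4 message getting through. The second shows that /20 authorizes the whole 4,096-address block around the A record, not just the mail server itself.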
This was something I have been wanting to do for ages, but kept on putting off because it seemed to be gobbledygook. Now I can cross that off the list and not add it to New Year’s Resolutions for 2012.
It’s Christmas Eve. Back to helping out Santa’s Elves.