E-mail best practices for IT administrators
Hi all,
As you know, it is now very important to comply with the e-mail Internet standards if you want your e-mail to be accepted by e-mail security solutions and large providers.
SPF records (TXT records), known as Sender Policy Framework: http://www.openspf.org/
This very important DNS record states from which IP addresses e-mail from something@yourdomain.com may originate.
It helps detect e-mail address forgery (i.e. my e-mail address is user@domain.com and I send an e-mail message as if I were user@yourdomain.com).
Imagine that I pretend I am you@yourdomain.com and send 3 million e-mail messages, and that most of those e-mails are sent to invalid addresses. To whom do you think the NDRs (non-delivery reports) will come back? You!
You must be very careful if some of your remote users don't send e-mail through the main office (for example, through an ISP's SMTP server): that ISP mail server must then be included in your SPF record. If every e-mail is sent from your main office from a single IP, then it is really easy. One way to avoid having to deal with ISP SMTP servers is to use VPN connections or SMTP-AUTH for roaming users.
http://www.mtgsy.net/dns/spfwizard.php is one tool I found (an ISP's SPF wizard) that is easy to use.
PTR records / reverse DNS records
More and more e-mail servers do a reverse lookup of the sending e-mail server's IP address. When you don't have a PTR record, or have a generic one (like isp-pool-adsl10-90-122-32), they may refuse the SMTP connection or treat the message as spam.
The hosting company or ISP providing the IP address is responsible for setting PTR records, so you should send them a request like this:
Please create a PTR record for us:
IP address: 209.200.200.256 should resolve to mail.ourcompany.com (fictitious address; it doesn't even exist)
HELO / EHLO
Some hosting companies or security solutions may refuse to communicate with you, or treat e-mail from your server as spam, if the HELO name does not match the reverse DNS or does not make sense.
Example: most Microsoft IT people, when they install an Exchange server in a Windows Active Directory environment, forget to set the HELO greeting, so the SMTP banner ends up being 'servername.domain.local'. This is not a routable Internet FQDN (and a HELO greeting should be one).
So, to avoid any problems, make sure the HELO name also matches the A record and the reverse DNS (PTR) record of that machine.
So, in our example, to be compliant:
IP address: 209.200.200.256
HELO: mail.ourcompany.com
PTR record for 209.200.200.256: mail.ourcompany.com
A record for mail.ourcompany.com -> 209.200.200.256
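To make the three checks above concrete, here is an added example (my own code, not part of the original post or any product it mentions) that evaluates an SPF record for a sending IP and then verifies that the IP, its PTR record and the HELO name agree with each other. It runs offline against a constructed in-memory DNS table; the names ourcompany.example and isp.example and the addresses in 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are hypothetical, and the lookup() function is where a real resolver would be plugged in.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed, in-memory DNS data standing in for live lookups. Every name and
# address here is hypothetical (RFC 5737 documentation ranges are used).
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("ourcompany.example", "TXT"): ["v=spf1 mx a:mail.ourcompany.example include:isp.example -all"],
    ("ourcompany.example", "MX"): ["mail.ourcompany.example"],
    ("mail.ourcompany.example", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.ourcompany.example"],
    # The ISP's SMTP relay that roaming users are allowed to send through.
    ("isp.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
    # A residential pool address with a generic PTR and no forward (A) record.
    ("44.2.0.192.in-addr.arpa", "PTR"): ["isp-pool-adsl-192-0-2-44.example"],
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name: str, rtype: str) -> List[str]:
    """Resolve a record from the constructed table (swap in a real resolver for live use)."""
    return FAKE_DNS.get((name.lower(), rtype), [])


def get_spf(domain: str) -> Optional[str]:
    """Return the domain's v=spf1 TXT record, or None if it has none."""
    for txt in lookup(domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def ip_in(ip: str, network: str) -> bool:
    """True if ip lies in network; a bare address is treated as a /32 or /128."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)
    except ValueError:
        return False


def check_spf(ip: str, domain: str, depth: int = 0) -> str:
    """Evaluate the domain's SPF record for a sending IP.
    Returns pass/fail/softfail/neutral/none/permerror. Supports the all, ip4, ip6,
    a, mx and include mechanisms; macros and the redirect= modifier are not handled."""
    if depth > 10:  # RFC 7208 limits DNS-querying terms; this also stops include loops
        return "permerror"
    record = get_spf(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        if "=" in term:  # modifiers such as exp= are ignored in this example
            continue
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        target = arg or domain  # "a" and "mx" default to the record's own domain
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip_in(ip, arg)
        elif name == "a":
            matched = any(ip_in(ip, a) for a in lookup(target, "A"))
        elif name == "mx":
            matched = any(ip_in(ip, a) for mx in lookup(target, "MX") for a in lookup(mx, "A"))
        elif name == "include":
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return RESULT[qualifier]
    return "neutral"  # nothing matched and the record has no explicit "all"


def check_helo_and_ptr(ip: str, helo: str) -> List[str]:
    """List the problems a receiving server would see with this sender's PTR/HELO setup.
    An empty list means the IP, its PTR and the HELO name all agree (forward-confirmed reverse DNS)."""
    findings: List[str] = []
    helo = helo.lower()
    if "." not in helo or helo.endswith((".local", ".lan", ".internal")):
        findings.append(f"HELO '{helo}' is not a routable Internet FQDN")
    ptrs = lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR")
    if not ptrs:
        findings.append(f"no PTR record for {ip}")
    else:
        ptr = ptrs[0].lower()
        if ptr != helo:
            findings.append(f"HELO '{helo}' does not match PTR '{ptr}'")
        if ip not in lookup(ptr, "A"):
            findings.append(f"PTR '{ptr}' has no A record pointing back to {ip}")
    if ip not in lookup(helo, "A"):
        findings.append(f"HELO '{helo}' has no A record pointing to {ip}")
    return findings


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.44"):
        print(f"SPF result for {ip} sending as ourcompany.example: {check_spf(ip, 'ourcompany.example')}")
    for ip, helo in (("203.0.113.10", "mail.ourcompany.example"),
                     ("203.0.113.10", "exchange01.ourcompany.local"),
                     ("192.0.2.44", "mail.ourcompany.example")):
        print(f"{ip} with HELO {helo}: {check_helo_and_ptr(ip, helo) or ['OK']}")
```

The SPF part shows the roaming-user problem from the post: the office server passes through the mx mechanism, a user relaying through the ISP's SMTP server passes through the include, but a user sending directly from a residential address hits -all and fails. The HELO part reproduces the Exchange case, where a 'domain.local' greeting disagrees with both the PTR and the A record, and the generic ISP pool name, which never resolves back to the sending IP.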
Any comments are welcome.
March 17th, 2008 at 8:28 pm
Hello from Spain! My English is not good, but it seems like a very nice web site, thanks