How to avoid having your domain name stolen

Authenticate your mail servers with SPF

These days, hackers have no qualms about appropriating domain names that don’t belong to them, in order to spread spam. As a result, not only are anti-spam filters increasingly in demand, but this also sometimes leads to the exclusion of the domain names in question, which are causing harm and hindering the smooth flow of communications. The Sender Policy Framework (RFC 4408) reduces these risks and drawbacks. Thanks to this standard, a list of IP addresses authorized or not to send e-mails for a given domain can be established.

The principle of SPF is to define a TXT field on the domain name to define the list of mail servers authorized or not to send e-mail to the domain name in question.

The TXT input, for example, takes this form: IN TXT “v=spf1 +ip4: ~all”

A set, in our example above “+ip4:” includes a “+” action, an “ip4” selector and a “” value. According to the Sender Policy Framework principle, there are four possible actions:
+ : authorized (pass), ? : neutral, ~ : soft fail or – : fail.

These actions are used with one of the selectors listed below:
– a: refers to type A DNS records,
– ptr: refers to the reverse DNS of the sending server,
– mx: refers to MX DNS records,
– ip4: refers to an IPv4 address,
– ip6: ditto, for an IPv6 address,
– all: designates all.

The value is optional for selectors a, ptr and mx, in which case the current domain is selected by default.

So here’s the translation of the example at the beginning:
– +ip4 : authorizes IP address to send emails for the domain
– ~all: does not allow (in a flexible way) other IP addresses to send email on behalf of

You can mix the selectors as you wish. Below is another example: IN TXT “v=spf1 +mx +ip4: ~ip4: -all”

In this case, we authorize all type A DNS entries for the domain, as well as type MX DNS entries for the domain and IP address, to send emails on behalf of IP address will be able to send emails but will be penalized, and emails from any other IP address will have to be refused.

Important information: the administrator of the receiving remote server is free to manage the different rules according to the level of action requested by the sender (+,?,~,-). In particular, it may well consider that a “fail” for SPF non-compliance is too severe an action, and simply suspect the mail to be spam.

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …