Friday, July 31, 2009

SPF record for google hosted domain

After I moved some of my email infrastructure to Google, I decided to add one more optional, but important step and create custom SPF record for that domain. Sender Policy Framework (SPF) allows domain owners to specify which Internet hosts are allowed to send e-mail claiming to originate from that domain by creating a specific DNS TXT record. Google's help page recommends the following:

v=spf1 ~all

However, a lot of people found that it doesn't work all the time, and alternatively suggest the following:

v=spf1 a mx ~all

Since I'm still planning to send some of my emails from PHP scripts on my site I also included my web host's domain:

v=spf1 a mx ~all

This should make any spoofed messages, that claim to come from my domain, appear like the fakes that they are. Unless, of course, they were sent from Bluehost's or Google's servers. Umm... well that should reduce the amount by at least a little bit.