Some of my customers are receiving emails from email addresses using their domain name, but the account doesn’t actually exist.
Like if they own somedomain.com and they are receiving emails from accounts like “email@example.com”, but there is no “scanner” account. They aren’t actually sending THROUGH the server, just using the domain name so it looks like it’s coming from the customer’s domain. I realize there isn’t a way to prevent people from doing that (is there???), but how can we make it so that the client who owns somedomain.com doesn’t receive emails from accounts on that domain that don’t actually exist?
SPF attempts to protect against that.
An SPF record gives a list of IP addresses allowed to send email on behalf of a given domain name.
If someone forges an email address from a domain on your server, and you have SPF records set up that don’t allow that user’s mail server to send email from that domain – SpamAssassin would take issue with that. As would many other providers on the Net.
You can set up SPF for a domain in Server Configuration -> DNS Options.
I believe it’s set to “Neutral” by default; meaning it’s a “low” grade offense, and would generate a fairly low score in SpamAssassin.
But, if you were to set the Action to either “Discourage” or “Disallow”, that would trigger a higher SpamAssassin score when receiving an email from that domain from an IP that’s not listed as “allowed”.
That’s how I have all of the sites set up by default.
Allowed Sender Hostnames is their hostname and mine
allowed sender mail domains is their mail domain and mine
allowed sender IP address is their IP and mine
included domains to allow is blank
Action for other senders is disallow
If you look at the email headers, what is the X-Spam-Status header set to for an email that contains a forged email address?
If it shows a failed SPF record, it’s possible all that needs done is to weight that rule higher.
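
The header check suggested in the last reply, as an added example that is not from any of the posters: it reads X-Spam-Status from a raw message and reports whether SPF_FAIL fired while the total score still stayed under the threshold. The function name `spf_verdict` and the sample message are constructed for illustration.

```python
import email
import re

# Envelope-sender SPF rule names from SpamAssassin's SPF plugin.
SPF_RULES = {"SPF_PASS", "SPF_NEUTRAL", "SPF_SOFTFAIL", "SPF_FAIL"}

def spf_verdict(raw_message):
    """Summarise what X-Spam-Status says about SPF for one raw message."""
    status = email.message_from_string(raw_message).get("X-Spam-Status")
    if status is None:
        return None  # no SpamAssassin header: the message was never scanned
    status = " ".join(status.split())  # unfold the "\n\t" continuation lines
    score = re.search(r"(?:score|hits)=(-?\d+(?:\.\d+)?)", status)
    required = re.search(r"required=(-?\d+(?:\.\d+)?)", status)
    tests = re.search(r"tests=([A-Z0-9_,\s]*)", status)
    hits = [t for t in re.split(r"[,\s]+", tests.group(1)) if t] if tests else []
    spf = [t for t in hits if t in SPF_RULES]
    flagged = status.lower().startswith("yes")
    return {
        "flagged": flagged,
        "score": float(score.group(1)) if score else None,
        "required": float(required.group(1)) if required else None,
        "spf": spf,
        # SPF failed but the total stayed under the threshold, so the message
        # was delivered: the case where the rule's weight is the thing to change.
        "spf_fail_delivered": "SPF_FAIL" in spf and not flagged,
    }

# Constructed sample: a forged sender on the recipient's own domain.
FORGED = (
    "Return-Path: <scanner@somedomain.com>\n"
    "X-Spam-Status: No, score=1.1 required=5.0 tests=BAYES_50,HTML_MESSAGE,\n"
    "\tSPF_FAIL autolearn=no version=3.4.2\n"
    "From: scanner@somedomain.com\n"
    "To: user@somedomain.com\n"
    "Subject: Scanned document\n"
    "\n"
    "See attachment.\n"
)

if __name__ == "__main__":
    print(spf_verdict(FORGED))
```

When `spf_fail_delivered` is true, the adjustment described above is SpamAssassin's `score SPF_FAIL <value>` setting in `local.cf`, with `<value>` chosen for the site.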