Can somebody explain what the 'Enable SPF spam protection' feature is for on the Mail page.

Is it supposed to be used in conjunction with Span Assassin?

Does it work well and what is the best setting to have it on?

http://www.openspf.org/

The "safest" setting to ensure you don't lose genuine email that is sent from domains not using SPF yet is "reject if spf resolves to fail".

what are other options ?

SPF local rules

SPF guess

SPF explanation text

it would be good if someone expert post a good guide for hosting server with plesk to setup easy SPF to protect from spammers.

everything step by step.

Yes Please

Did you guys check out the Help/Admin's Guide for Plesk 8?
I guess there should be the information you need.

It's covered in Plesk interface help.

what about spf guess and other next textbox used for ?

as in plesk help its too short note on what is spf is all about.

i was thinking to get help to set parameter suitable for hosting server.

if there is any routine regular expression not to strict policy or other kind of.

as newbie for SPF i was looking for that help.

as i read somewhere that there is something to do with dns record too for SPF. if someone can help on this.

read all about it on http://www.openspf.org/
use their wizard to get the right DNS change
make the DNS change in your server
read the Pleskdocumentation about the other settings, they even give advice on what you should put there.

Originally posted by Cranky
The "safest" setting to ensure you don't lose genuine email that is sent from domains not using SPF yet is "reject if spf resolves to fail".

Plesk recommend: "To accept all incoming messages regardless of SPF check results, select the Create only Received SPF-headers, never block option from the SPF checking mode drop-down box. This option is recommended."

What will that setting to?

Basically, is it a good or a bad idea to enable SPF spam protection and select one of the two options mentioned here?

There's a wizard on openspf.org (http://www.openspf.org/) that will help walk you through setting up your spf options, but like everyone else I'm a bit hesitant to do much with it yet.

Basically, the two direct benefits of SPF i found are :

- ensuring a spammer/virus/trojan cannot send emails using your email address in the FROM field of the email.

- get legitimate emails to go through hotmail (and others of course) junk filter, and not be detected as spam.

I would describe SPF as a process by which a mailserver, when receiving an email with a "From field" indicating a domain hosted on your servers, can check that the mail server that did send the emails is listed as a legitimate server by the domain's DNS manager (you i suppose). He does so by requesting the SPF record of the email from field domain name.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/images%5Cspf_flow.jpg

The originating domain mail server will then reply either with:
- yes, it is valid (mail server is listed in my allowed mailservers ip addresses);
- no, it is not valid (mailserver not listed in my allowed mail servers ip addresses);
- failed = no spf record available
- dunno = spf record does not give an exclusive list of mailservers.

Microsoft did a SPF wizard that i found much better than the one listed above:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx

Now, attention please: when creating your SPF record, list your allowed mailservers (possibly mail.<domain>) but don't forget your users might be accessing the internet with an ISP obligating them to use the ISP's SMTP servers. (This is for example the case here in belgium with skynet - we have to use relay.skynet.be as SMTP server).
So these need to be listed too in the allowed servers. I'm not 100% sure of this but it seems logical to me. Can someone confirm this?

i hope this helps a bit,

Alex

You should setup a secondary mail server service on port 587 if your ISP does not allow port 25. You can find the setup for this in this forum. That way you never have to relay any emails to the server, just use your domain's email server.

Is there a log file anywhere on the server for all emails that get dropped by the "enable SPF spam protection option"?

Hi all!

Thanks for your patience on this SPF stuff!!

Am I right in saying that at a domain level i.e. as opposed to server level DNS within Plesk, the entry is as follows?

Record Type: TXT (from dropdown)
Enter domain name: (Left blank)
Enter TXT record: (text/string from MS or SPF wizard)

Furthermore, what do I have to enter for server level SPF, would really appreciate template as above?

Once again thanks for responses, quality post!!

.//philippe