I was checking my DNS server against www.dnsreport.com and saw this warning message:
"Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record before October 1, 2004, the target date for domains to have SPF records in place."
What would the steps be to accomplish this on a Windows 2000 DNS server and what would the record look like when viewing from the DNS MMC?
Also, is this something that everyone should impliment?
To support SPF, you need to add special TXT records to your zone data that describe the mail servers authorized to send mail from your domain names. Let's say your mail comes from either foo.com or mail.foo.com (that is, your e-mail addresses are of the form email@example.com or firstname.lastname@example.org). From the DNS MMC snap-in, select the foo.com zone and add two TXT records to it, one for foo.com and one for mail.foo.com. (To add a TXT record, select Action - Other New Records. Then, in the Resource Record Type window, choose TXT and select Create Record.) To determine what to add in the space labeled "Text:", use the excellent SPF Wizard at http://spf.pobox.com/.
I think SPF is well worth implementing. It'll help prevent spammers from spoofing your e-mail addresses in the junk they send, and give recipients greater assurance that the mail you send really came from you. And it's easy to set up.
Dig Deeper on Working With Servers and Desktops
Related Q&A from Cricket Liu
If you take some simple steps, you can help prevent advanced persistent threats from plaguing your network. Continue Reading
Networking expert Cricket Liu explains what causes this error: ipnathlp event 31002 and why it is bad for TCP/IP. Continue Reading