I had a call from a client today. She was concerned because she had received a large volume of bounced spam email that was supposedly sent by her. Her fear was that someone had hacked her server and was now ruining her domains reputation by spamming. I explained that her server was fine but someone was probably “spoofing” her domain name. Which lead to the next question and the topic of this blog, “how-to prevent email spoofing.”
If you have ever used an ESP (Email Service Provide) to send mass email campaigns, such as CampaignerPro , Cheetah mail or iContact you have spoofed your own domain name. It seems innocent enough but a spammer could just as easily use your domain to send million of unsuspecting people SPAM. To prevent this from happening you need to create a SPF (Sender Policy Framework) or a SenderID record for your domain’s DNS record.
A SPF and/ or a Sender ID is a record that tells an ISPs which IP addresses are allowed to send mail under your domain. If the name the IP address isn’t in the SPF record the email is rejected by the ISP as SPAM.
To create a SPF record for your domain name you can use this wizard here http://www.openspf.org/ and then paste that information into your DNS record where your site is hosted.