SPF Records won't help us to prevent spam mails

05-25-2009

Hi

We configured SPF record as below for domain sam.gov.sa

v=spf1 mx mx:mail1.sam.gov.sa mx:mail.sam.gov.sa mx:mail2.sam.gov.sa
mx:mx2.mex.net.sa ~all

but still we are receiving many mails claiming from our own domain. The last
mx record / server is with our ISP. Then how can we control this and what
this SPF really do for us?

Can anyone help us to resolve this issue?

Regards
Lal
--
Server Management Team

05-25-2009

Laljeev <> wrote:
> Hi
>
> We configured SPF record as below for domain sam.gov.sa
>
> v=spf1 mx mx:mail1.sam.gov.sa mx:mail.sam.gov.sa mx:mail2.sam.gov.sa
> mx:mx2.mex.net.sa ~all
>
> but still we are receiving many mails claiming from our own domain.
> The last mx record / server is with our ISP. Then how can we control
> this and what this SPF really do for us?
>
> Can anyone help us to resolve this issue?
>
> Regards
> Lal

SPF records are not a panacea. What version & SP of Exchange do you use? If
you don't have any external POP/IMAP users who need to relay mail through
your SMTP server, you could reject all inbound Internet mail purporting to
be from yourdomain.com.

Info on SPF here:
http://en.wikipedia.org/wiki/Sender_Policy_Framework

05-25-2009

On Mon, 25 May 2009 03:07:02 -0700, Laljeev
<> wrote:

>Hi
>
>We configured SPF record as below for domain sam.gov.sa
>
>v=spf1 mx mx:mail1.sam.gov.sa mx:mail.sam.gov.sa mx:mail2.sam.gov.sa
>mx:mx2.mex.net.sa ~all
>
>but still we are receiving many mails claiming from our own domain. The last
>mx record / server is with our ISP. Then how can we control this and what
>this SPF really do for us?

If you're telling the world that your ISP is an authorized IP address
for sending email from your domain, and the spam is coming from the IP
address of the ISP's SMPT relay, then it's not unauthorized, is it?

Using a secondary MX makes using SPF (and SenderID) effectivly very
difficult, if not downright impossible.

If you don't trust the ISP then remove the address from your SPF data.

You also use the "~" modifier instead of the "-" modifier. Is there a
reason you're doing that?

You don't say how you have your Exchange SenderID configured, either.
Do you reject email that appars to be forged, accept it and flag it,
or delete it? If you accept it and flag it, do you (or whatever you're
using for anti-spam) take that suspected forgery into account when
assessing the spaminess of the message?
---
Rich Matheisen
MCSE+I, Exchange MVP

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
can't delete or junk spam e-mails	Charlie Mac	Windows Vista Mail	2	10-04-2007 06:08 PM
I wan't not see SPAM mails in the tray	Peter Flindt	Windows Live Mail	1	03-13-2007 06:58 PM
Re: Need some help with DNS PTR Records for sending e-mails to aol.com	Kevin D. Goodknecht Sr. [MVP]	DNS Server	0	01-11-2007 11:48 AM
howto delete spam/anonymous mails on queue in exchange 2003	chunky	Windows Small Business Server	8	10-05-2006 07:38 AM
How to prevent some users send/receive external mails but not internal ones ?	JDB	Windows Small Business Server	1	01-21-2006 05:13 PM