Tsohost Knowledge Base

A guide to email spoofing and SPF records

Modified Thursday 2nd April, 2015 at 11:28

Was this helpful?

One common tactic used by spammers is the "spoofing" of email addresses. When they send out their junk email (advertising pharmaceuticals, pirated software, etc) they will often put a genuine user's email address in their "From" field so that the message appears to come from that user. This has the undesirable effect of causing NDR (non-delivery receipts) to be sent to that user instead of the spammer.

Due to the nature of an email message, it is possible for a sender to set any "From" header they wish. For instance, if you take a look at the settings in your email software, you will find it's quite easy to send an email "From" bill.g@microsoft.com or anyone-you-like@anything-you-like.com.

It's up to the receiving mail server (and the recipient themselves) to discern whether the "From" address given by the sender is genuine. Some mail servers will check that the "From" address given by the sender is a valid domain but, of course, it almost always is. A better solution is to use SPF records as part of your DNS zone. An SPF record describes which mail servers are allowed to send mail on behalf of your domain name. For instance, if you have a site hosted with Tsohost, you can publish in your SPF record that only Tsohost mail servers can send mail on your behalf. If a spammer uses their mail server to send junk email, the recipient's mail server will take into account the domain's SPF record when deciding whether to deliver that message to the recipient.

If you are using our cPanel hosting and our e-mail service, the SPF record should be:

v=spf1 a mx include:misp.co.uk include:footholds.net include:srv2.com ~all

You can add this as a TXT-type record within the Custom DNS section of the control.gridhost.co.uk system or via the advanced DNS editor in cPanel.

If you have a local Exchange server or similar in your office, you will need to include this in the SPF record. If it is your MX record, the above should cover it but to be safe, you can authorise additional IPs with the following syntax:

v=spf1 a mx ip4:195.62.28.5 ~all

(Replace 195.62.28.5 with your mail server's IP address.)

Finally if you are using our Cloud hosting services, due to the nature of the mail cluster setup, you will need to use the following SPF record:

v=spf1 include:gridhost.co.uk ~all

This will allow all of our Cloud-hosting-related mail servers (mail3.eqx.gridhost.co.uk, mail.gridhost.co.uk etc) to send legitimately from your domain name.

If you are using another provider's DNS servers, you will need to add the SPF record via their system instead. If you need any assistance or advice, please don't hesitate to contact support.


emailspoofingSPFrecords

Still can't find what you're looking for?

Not a problem - our 24/7 customer support team are super friendly and here to help answer all your questions. There's no need to wait, click below to start a Live Chat.

Start Live Chat

Still can't find what you're looking for?

Not a problem - our 24/7 customer support team are super friendly and here to help answer all your questions. Don't delay, click below to find out how you can get in touch.

Get in Touch