I Get Bounced Emails That I Didn't Send
Posted Thursday, September 25, 2008 9:45:46 AMTo answer them, I've come up with this little story to help illustrate what is happening in the email world that causes this.
Imagine a guy in Texas wants to send out some advertisement about his new Widget. He makes the ad, buys the stamps from the post office, stuffs the envelopes, but when it comes time to putting the return address label on, he puts YOUR address. Now, he drops these into his mailbox and the post man comes and picks them up. As the post office tries to deliver these advertisements, any addresses they can't reach are returned to the sender, or in this case, to YOU. So even though you had nothing to do with the Widget advertisements, you start getting all of these "Return To Sender" pieces of mail in your mailbox.
That is essentially what's happening here. Spammers are sending out email but saying that it came from you. There is a fix for the problem, that works really well. It is called Sender Policy Framework (SPF). Going back to our real world post office example...
SPF is like making a list of every place in the world you would ever send mail, and then giving it to every postman with a note that says: "Hey, if you get any mail that says I am sending it but you didn't pick it up from one of these mailboxes, don't take it!" It works really well because now when the post man comes to the Widget man's home and sees your return address on it, he'll check your SPF and see that this home isn't on it, at which point he will not take or deliver the mail.
Currently about 80% of all email servers in the world recognize and actively use SPF, so it's not a 100% fix, but it definitely helps. If you want more information about how to setup SPF, you can visit the Open SPF Project which will show you how to set up SPF for your domain.
Categories: Technical
View Comments
There are 2 comments on this article
Adam Lewis (16 years ago)
Yes, all an SPF record is is a text DNS entry. The SPF record for adamwlewis.com looks like:
v=spf1 ip4:70.62.251.230 a -allThis means we're using SPF version 1, and that mail can be sent from the IP address 70.62.251.230 and from an A record in my DNS. This allows email to have adamwlewis.com on it if it comes from my mail server or from my web server.
Josh (16 years ago)
So you just add a text record to your DNS to make this work? What does a typical SPF record look like?