Jon’s Diary

Recently, the volume of spam I was receiving has massively increased. In the past almost all of my spam was detected correctly by SpamAssassin and filtered out. However, this recent increase of spam has had the added issue of being sent to me with a spoofed ‘from’ address being the same as the ‘to’ address. Since SpamAssassin assumes I’m not going to spam myself, it doesn’t detect these mails quite so effectively.

I also wasn’t alone. A number of other people with mail hosted on my server complained of the same issue. So, I set about finding a solution.

After a few googles, I stumbled upon the Sender Policy Framework, or SPF.
It’s very simple in the way it works, is quick to set up, and best of all it costs nothing!

First you need to add a new DNS entry to the domain you want to protect. The following TXT entry tells the world that the only host authorised to send email from the domain jonpascoe.co.uk is the A record that it resolves to. All other sending hosts should be ignored.

jonpascoe.co.uk. 86400 IN TXT "v=spf1 a mx -all"

Once you’ve added your DNS TXT entry, it’s just a simple matter of configuring your MTA to look for the Received-Spf email header and filter your mail accordingly.

In the last couple of days, I haven’t sent myself a single spam email!
As an added bonus, if spam is sent “from me” to somebody else on the internet, and their MTA is configured to use SPF, they should block the mail too.