I recently received a lot of what are called “backscatter” spam email messages. These types of spam messages are different from regular spam in that the messages I received were from the “Mail Delivery System” and “Mail Delivery Subsystem” (MDS). They were notices that emails that “I” tried to send didn’t get sent. I emphasise the word “I” because, well... because I didn’t send them.
Here’s what happened: a spammer decided to use my domain name as the return email address on the messages they sent. When those messages went to email addresses or domains that did not exist, the receiving server composed an MDS email reporting that the message was not delivered, for whatever reason, and sent it to my server. These messages make it back to my mailbox, as though I were the person sending these horrible emails.
So I set to work on seeing what could be done to stop this abhorrent abuse. Here’s what I’ve come up with: SPF – Sender Policy Framework. Basically, it depends on the receiver’s server looking up my domain’s SPF record (a TXT record in DNS) to check whether the message is really coming from me. If the receiver’s mail server doesn’t check for an SPF record, the spam will get through.
Previously, my SPF TXT record looked like this:
"v=spf1 a mx ?all"
I changed it to look like this (where myISPhost.com = my particular ISP host, because I use my host’s SMTP server to send mail):
"v=spf1 a mx include:myISPhost.com ~all"
The change from a ? to a ~ basically says, ONLY accept messages coming directly from my mail server, OR from my internet service provider, and nowhere else.
When I go on vacation, I’ll need to hook up directly to my webmail to send messages, because if the ISP is not the one I have specified, the message WILL NOT be sent because I normally use the SMTP server of my ISP in my email program.
Unfortunately, this will not decrease the amount of backscatter because it will still send me failed reports, but by setting the SPF record this way, it will make my server less desirable to spammers, because of the higher fail rate.
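To show what the old and new records above evaluate to for different sending servers, here is an added example (not part of the original post) of an SPF check run over constructed DNS data. It assumes example.org as a placeholder for the protected domain, documentation IP ranges, and a made-up SPF record for myISPhost.com; in SPF's own result names, a match on `?all` is reported as "neutral" and a match on `~all` as "softfail".

```python
import ipaddress

# Constructed DNS data using documentation address ranges (not real records).
# example.org is a placeholder for the protected domain; the ISP's own SPF
# record below is an assumption, since the post does not show it.
DNS = {
    "A": {"example.org": ["192.0.2.10"], "mail.example.org": ["192.0.2.25"]},
    "MX": {"example.org": ["mail.example.org"]},
    "TXT": {"myisphost.com": "v=spf1 ip4:198.51.100.0/24 -all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

OLD_RECORD = "v=spf1 a mx ?all"
NEW_RECORD = "v=spf1 a mx include:myISPhost.com ~all"


def matches(mech, ip, domain):
    """Return True if the sending IP matches one SPF mechanism."""
    name, _, arg = mech.partition(":")
    target = (arg or domain).lower()
    if name == "all":
        return True
    if name == "ip4":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
    if name == "a":
        return ip in DNS["A"].get(target, [])
    if name == "mx":
        return any(ip in DNS["A"].get(h, []) for h in DNS["MX"].get(target, []))
    if name == "include":
        # include matches only when the included policy itself returns pass.
        # (A missing included record is treated as no match here.)
        return check_spf(ip, target, DNS["TXT"].get(target, "")) == "pass"
    return False  # mechanisms and modifiers not handled here never match


def check_spf(ip, domain, record):
    """Evaluate terms left to right; the first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        if matches(mech, ip, domain):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.50"):
        print(ip, check_spf(ip, "example.org", OLD_RECORD),
              check_spf(ip, "example.org", NEW_RECORD))
```

What a receiving server does with a "softfail" or "neutral" result is up to that server's own policy.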
I hope that you have found this helpful.
If I am hosting your site, and you wish for me to update your SPF record, please feel free to contact me. Let me know if you are sending email from your domain but use the SMTP server of your ISP (see the “Sending mail” preference of your email account), and I will update your DNS entry to make your server less desirable to spammers as well.
If you have found this page, I’m not hosting your domain, and you would like to set up your SPF TXT record in your DNS records and have access to WHM (WebHost Manager), you can update this record by going to “Edit DNS zone” and either editing what is there or adding a TXT line similar to the one above. If you need help creating this line, openspf.org has a setup wizard that can automatically generate your code there. I understand you can do it through SSH as well, but I don’t know how to do that. If you don’t know where to start to edit your DNS zone, contact your web hosting company. They should be able to help you.