The majority of email spam on the Internet originates from forged addresses because SMTP allows any computer to send emails claiming to be from anyone.
For instance, a spammer can put your email address in the “From” field when sending out bulk emails, and the recipients may therefore incorrectly assume that the mail is coming from you. If any of them chooses to report that spoofed message as spam, it's your email address that will be affected in the long run.

Authenticate your Google Apps Domain with SPF
To prevent spammers from forging the “From” field of their bulk messages with your email address, you can consider using a validation system like SPF (short for Sender Policy Framework). It basically allows the email recipients to verify that the server sending the email is authorized to send email on behalf of the domain that is found in the sender’s email address.
Let me explain. If the IP address of my mail server is 1.2.3.4, I can add an SPF record to my web domain saying that all messages coming from this particular IP address are authorized. ISPs can match the mail server address mentioned in my domain’s SPF record against the one present in my emails and accordingly pass or bounce messages to their customers.
How to Implement SPF in Google Apps and Gmail
Let’s say you have a Google Apps domain at xyz.com and you are using the Gmail service for your incoming and outgoing email.
To add an SPF record to your domain, open the page from where you can edit your domain’s DNS records. Then add a new DNS record of type “TXT” and set the value as:
v=spf1 include:_spf.google.com ~all
Save the changes and this new DNS record should propagate across the Internet within the next few hours. If you are interested in the technical details, here they are:
The entry include:_spf.google.com means that any server that is allowed to send mail from the IP addresses of Google Apps mail servers is also allowed to send mail from labnol.org. The ~all directive means that email messages that are not sent from an approved server should still be accepted but may be subjected to greater scrutiny.
How to Check SPF Records of your Google Apps Domain
To ensure that your SPF record has been successfully added to your web domain, open your command prompt and run the nslookup command in the following sequence:
- nslookup
- set query=txt
- xyz.com –> replace this with your domain name
If the answer contains the google.com string that you have added in the previous step, it indicates that SPF is successfully enabled for your Google Apps / Gmail.
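Looking for the google.com string by eye confirms the record exists, but not that it is the only SPF record or which policy the all term sets. The following is an added example, not part of the original article: a small Python check over the TXT strings that nslookup returns. The function name audit_spf and the sample records are assumptions made for illustration.

```python
# Added example (not from the original article): audit a domain's TXT answers for SPF.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def audit_spf(txt_records, required_include="_spf.google.com"):
    """Describe the SPF policy found in the TXT strings returned for one domain."""
    # nslookup prints TXT data inside double quotes, so strip them if present.
    cleaned = [r.strip().strip('"').strip() for r in txt_records]
    spf = [r for r in cleaned if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return {"ok": False, "reason": "no v=spf1 record found"}
    if len(spf) > 1:
        # RFC 7208: receivers treat more than one SPF record as a permanent error.
        return {"ok": False, "reason": "multiple v=spf1 records"}

    includes, all_result = [], None
    for term in spf[0].split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "include" and value:
            includes.append(value.lower().rstrip("."))
        elif name.lower() == "all":
            all_result = QUALIFIERS[qualifier]
            break  # mechanisms after "all" are never evaluated
    ok = required_include in includes
    reason = "ok" if ok else "missing include:" + required_include
    return {"ok": ok, "reason": reason, "includes": includes, "all": all_result}


# Constructed sample: TXT strings as nslookup might list them for xyz.com.
SAMPLE_TXT = [
    "google-site-verification=CONSTRUCTED-TOKEN",
    "v=spf1 include:_spf.google.com ~all",
]

if __name__ == "__main__":
    print(audit_spf(SAMPLE_TXT))
```

A result of "softfail" for the all term corresponds to the ~all setting described above; a "multiple v=spf1 records" result usually means an older SPF entry was left in place when the new one was added.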
Verify SPF Records with an Email Message
Finally, to verify that your SPF record is live and working, just send a blank email message to spf-test@openspf.org and check-auth@verifier.port25.com from your Gmail address.
These services will send you an instant reply containing the results of the SPF check – see example. If you see a “pass” against the SPF check, that means things are in place and it should prevent your Gmail messages from getting rejected as spam because now the recipient can distinguish forged emails from the real ones with a simple check.