What Is Sender Policy Framework (SPF).
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. The current version of SPF - SPFv1 or SPF Classic protects the envelope sender address, which is used for the delivery of messages.
Even more precisely, SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together: (1) the domain owner publishes this information in an SPF record in the domain's DNS zone, and when someone else's mail server receives a message claiming to come from that domain, then (2) the receiving server can check whether the message complies with the domain's stated policy. If for example the message comes from an unknown server, it can be considered a fake.
More info on this here: www.openspf.net
Spoofing a 'reply to' address is very easy to do, so is wide open to abuse.
Spammers will often 'hijack' a users domain and send a mass mail shot out using the unsuspecting users 'reply to' address so that all the emails that are not successful 'bounce back' to the unsuspecting user rather than the actual sender. Alternatively a single email could be sent purporting to come from the the users domain without the recipient knowing that the message did not actually come from the genuine domain holder.
Normally the first thing that a user notices when this has happened is the messages that are bounced back so they get hundreds if not thousands of rejected email messages in their mail box.
Often the user receiving the messages either does not take the time to actually read the messages or does not understand them so thinks that the emails they are getting are spam when in fact it is a legitimate error messages rejecting the original spam messages that were sent out using their domain as the reply to address.
In the past it has been suggested (by one spam filtering company) that bounce back error messages should be disabled. However these message are there for a very good reason as this would be the only way that a genuine sender would know if there was a problem when they send an email to a user. As SPF records give you the best of both worlds there is zero excuse for taking this stance and the really interesting part is that the spam filtering companies own solution relies on a bounce back to let you know that an email is blocked when they black list a mail server (Pot Kettle black etc). However distinction must be made between bounce back error email messages (ie an email is sent back to the sender) and bounce back error messages (ie a message retuned from one mail server to the originating one). Error emails are disabled on our mail servers however error reports are not.
The proper solution is to use SPF records. These are DNS records for your domain name that define which outgoing (smtp) mail servers are allowed to send email from your domain name. Although not all ISP's check for SPF records most of the major ones do which means that even if it does not eliminate the problem completely it will reduce it and most importantly it makes the domain name very unattractive to spammers as a great majority of their emails they send out will be rejected.
The only drawback is that once you nominate which mail servers you authorise for your domain these are the only ones you can use.
If your domain uses our name servers.
If your hosting plan has the DNS manager enabled and you are familiar with DNS records you can add these records yourself. When using our email service we would advise using the below
SPF record: v=spf1 a mx include:spf.cust.host-it.co.uk -all
This specifies that your web server, mail servers and any of our mail relays are able to send email on behalf of your domain, anything else would be rejected. If you send email via any other providers or methods, you will need to adjust the SPF record accordingly, if you're unfamiliar with this you can use a tool like spfwizard.net, remembering to include our record in the include section.
The SPF record should be added to your domain as a TXT record, you can add this record from the DNS manager section of your Plesk hosting panel.
