SPF record and Godaddy

We use godaddy to manage our domain entries. Latley I have have alot of emails that appear to be comming from internal telling users that their account is disabled or virus software is not right and to click the link. I know the ip address that these are comming from which is definitely not internal. If I set up an SPF record with godaddy will these emails stop? Has anyone did this with godaddy and able to give me a quick rundown on how exactly I should set this up? And last, do I set up the record with godaddy or somewhere else.

As I am sure that you can tell I am very grey in this area so please be specific.
If anyone needs more info, I will provide it.

Thanks much,
Mark
LVL 2
UnifiedITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NiclasHCommented:
I think hotmail will do reverse MX lookup from October using SPR record, to my knowledge no company checks for them now. If you set them up in your dns that make sure that you can send mail to hotmail.

What kind of mails do you get and what is the problem with those? Do you get an Non Delivery Report sending mails to specific domains?
UnifiedITAuthor Commented:
Many users receive emails from administrator@domain.com, info@domain.com, postmaster@domain.com, and so on. Many of these are to accounts that are not on the domain like sue@domin.com. This will create a NDR to the administrator mailbox because the email is spoofed to look as though it is internal. I educate the users to disregaurd all emails like this and to never click in the link that the email provides. It is more of an annoyance than anything. I use GFI mail essentials 10.1 and it will labe the email as spam but does not block it beacuse as far as it knows it is from inside our domain. It is very frusterating trying to stop these.
ATIGCommented:
spf records are new and not heavily in use at this moment -- you would need a sever that will support sender ID and this functionality will be released in Exchange 2003 sp2  and allow you to select 3 options related to servers and spf records pass through with a tag, delete with no ndr, and reject.

If you use the delete or reject -- alot of domains do not currently have spf and you would be blocking them and also if a spammer setups an spf record it would still get throught this functionality.

The best thing you can configure at this time would be RBL lists and Revserse Dns lookups

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

e2k3tekCommented:
THese are all great answers but why don't you just call up GODADDY directly and talk to them? I use them also and their tech support is really pretty good at helping out.

CT
UnifiedITAuthor Commented:
I did. Godaddy can not help me set it up because we do not use email through them. We have our own mail server. From the posts avove, it sounds like an spf record will not help anyway at this time. I will have to look into a solution another way.

This is a copy of a message that a user received this morning

Dear domain Member,

We have temporarily suspended your email account user@domain.com.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Unified-sg account.

Sincerely,The domain Support Team

This message came to her addresses from administrator@domain.com. This did not come from our box.

I will start looking into other solutions
Thanks,
ATIGCommented:
when you put in domain.com does it really say that or you just using it as an example..... what type of AV/Spam software are you running on your Gateway or Exchange envrionment.

Note as of Exchange 2k messages in the from field that are authenticated are resolved to the Gal listed non authenticated messages show the entire address i.e

john smith -- valid
john.smith@XXXX.com -- invalid spoofed message


You really need to enable Reverse Dns lookups and RBL
UnifiedITAuthor Commented:
Domain.com is example. Our domain is listed so user believe that is is from internal. They should all know not to open a message such as this. I use GFI mail essentials 10.1 as a spam solution and Groupshield 6 as an anti-virus solution. I am new to exchange so forgive me when I ask where can I enable Reverse domain lookups and RBL. I will do some research and look it up also.
Thanks ATIG
ATIGCommented:
http://support.microsoft.com/default.aspx?scid=kb;en-us;823866

This may help you some however you should also crank up your smtp logging and check message tracking logs to see what ip these messages are coming from and you could then block this ip/spammer from sending these messages.

Its possible the address will be on the block and list and get rid of this problem, also your AV or Mail essential problay has this functionality buildt in as well.
UnifiedITAuthor Commented:
I do have the IP that these are comming from. Same IP every time. I will read up to see where to block it. I have placed a complaint with the ISP but they still keep comming.
ATIGCommented:
Its in the same place that you do RBL

--OPen ESM
-- Global Settings
--properties on message delivery
--connection filtering
-- global accept and deny list
--select deny and input the ip
UnifiedITAuthor Commented:
These must be settings for 2003? I am using 2000, I should have stated this in the beginning. I see the filter tab but no accept and deny list, just the filter list.
ATIGCommented:
Yes -- I believe this is new to 2003 however you should still be able to deny ips in your AV/spam product
ATIGCommented:
I dont know how big your envrionment is but I would recommend you upgrading to 2003 if you can -- the features and functionality -- improved OWA -- Recovery Storage Groups -- etc etc
UnifiedITAuthor Commented:
I notice that every thing that I am tring to stop from getting through or fix on our box is now available with 2003. I would live to upgrade and even get a front end exchange box to filter all of this stuff out. I see that as I am learning exchange that having a front end mail server that filters and then passes to the backend is the way to go. Right now our server is on the front line(behind a firewall of coarse). I think that the bis killer with upgradimng is having to purchace all of the CALs. I am not a licensing expert but don't you have to purchace new CALs for every user? Or is that only if we upgrade to Outlook 2003 as well?
ATIGCommented:
The purpose of a front end server is to offload protocols and allow for users to his a single name space reguardless of thier mailbox location -- IE 500 backends all around the world -- user hit 1 url and no matter where there mailbox is gets thier OWA -- a typical setup would  include smtp gateway in which all mail enters and leaves the system allowing for AV and spam functionality to be offloaded and control message flow.

ewww licensing is somthing I never can figure out , but I think you would have to update your cals however buy doing so would give you liscenses to Outlook 03 for everyone
UnifiedITAuthor Commented:
Thanks for the help. You got me on the right track and helped me out with more that I asked. I am awarding you the points and increasing it to 500.

Thanks for all the help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.