SPF Records and spoofed email

Posted on 2009-12-28
Medium Priority
Last Modified: 2013-12-09
I recently had some email addresses in my domain spoofed.  As a result, we ended up on a couple of blacklists.  I did not have SPF records in place.

I have just added SPF records and am waiting for them to propogate through Network Solutions servers.  Once they show up, I will test for validity.

I'm hoping this will take care of my spoofing issue and then I can request to be delisted.

Should this work or is there something else I should be doing to solve my problem?

Thanks in advance for any input.
Question by:angela_obrien
  • 3
  • 2

Accepted Solution

sardiskan earned 500 total points
ID: 26133796
Make sure you also have reverse DNS records. Some email servers reject email if there is no reverse record for it.
LVL 17

Assisted Solution

Mike_Carroll earned 500 total points
ID: 26133815
Not everybody recognises SPF records. Generally speaking, blacklisting does not happen based on the email address used... it's the IP address that gets blacklisted. Check your configuration to make sure that nobody is relaying through your system.

Author Comment

ID: 26133879
Thanks for the replies.  Reverse DNS is fine.  If I run a blacklist check on my public IP address, nothing shows up....if I run it by domain name, we show up on one list.  That is what led me to believe we were listed due to the spoofing issue.  

We show up on a second list just because we are listed on the first one.  

I've done a check on my Exchange server.  We are not an open relay and my firewall shows no odd connections that might indicate a virus on one of the workstations.

The spoofing thing was the only reason I could think of that we would be listed for.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 17

Expert Comment

ID: 26134254
Could you be blacklisted because of your public IP address? In other words, has the subnet been blacklisted?

Author Comment

ID: 26138145
Hi Mike,
We have had this IP address for about a year now and it wasn't listed before.  

Author Comment

ID: 26138170
I've requested removal from the list and the request was granted.  I've checked and rechecked everything and can't figure out why we were listed.  Again it's only one list.

I realize that not everyone recognizes SPF but it can't hurt to have one in place.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question