Solved

Help understanding TXT records

Posted on 2014-03-27
Last Modified: 2014-03-27
Hi
We have had a lot of issues with email spoofing on our domain.
I have been advised to add a TXT record to our DNS to try to minimize this.

I have entered this string of text:

v=spf1 a:mail.e-advice.dk ip4:87.116.17.68 ptr:mail.e-advice.dk -all

Can I get anyone to talk me through this in plain English and break down each statement and what it means, so I can understand if this looks correct for our domain?

The domain I am testing with is e-advice.dk

Thanks
0
Question by:morten444
7 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 39958668
You are really adding an SPF record to your dns. Take a look at...

http://www.zytrax.com/books/dns/ch9/spf.html
0
 

Author Comment

by:morten444
ID: 39958864
Hi
Thanks for the link.
Yes, I have read a lot but am missing the understanding of this line; as I am not technical myself, I don't quite understand. I need a walk-through of the sentence.
I will write what I understand, then anyone can correct it or rewrite the right understanding.


v=spf1 a:mail.e-advice.dk ip4:87.116.17.68 ptr:mail.e-advice.dk -all

v=spf1 = Mandatory as defining version

a:mail.e-advice.dk
Any mail sent from domain e-advice.dk can only be sent from this mail server.
This means the spoofing mails sent from other mail servers in our name will not reach as long as the receiver's mail server checks SPF records. Is that right?

ip4:87.116.17.68
The SMTP server mail.e-advice.dk can only operate on IP 87.116.17.68?

ptr:mail.e-advice.dk
Something to do with reverse DNS, but what does this statement actually do?
Can anyone explain?
e-advice.dk is using SMTP server mail.e-advice.dk and this has a valid reverse DNS.


-all
Fail. Domain owner deems this a conclusive test.
Not sure I understand. Does it just mean that there are no exceptions?
Any mail from e-advice.dk HAS to YES OR YES use SMTP: mail.e-advice.dk with no exception for any account?

Please have a look at this and correct where I am wrong.
In this way I can understand what each of the rules means.

Thanks a lot
0
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 39958985
Here is an explanation....

a:mail.e-advice.dk
Using an "a" here indicates you want to use DNS to translate the name url to an IP address.
You could also use the IP address of your mail sender instead, as you did with
ip4:87.116.17.68. You don't need both. You could also have multiple ip4 statements on the line if you have more than one valid mail sender.

ptr:mail.e-advice.dk
This forces a reverse DNS lookup, which is not necessarily desirable. This can fail if your DNS (and ISP) is not set up properly. It also makes it take much longer to verify.

The -all signifies that if there are no matches in the previous statements, then fail the test.

You could simplify your SPF record to just
v=spf1 ip4:87.116.17.68 -all
which simply says that if the mail is not sent from this IP address, then fail it.

You can choose to use the SPF record as you wrote it since it is valid.

You can test your SPF records at....
http://www.kitterman.com/spf/validate.html

Hope that helps.
0
 

Author Comment

by:morten444
ID: 39959040
Hi Carlmd
Thanks for the good explanation.
Last question before rewarding:

Is the line I have good, and should it be of some help against email spoofing?
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39959070
Not to hijack, but yes, using SPF records will not reduce the amount of spam that is using a spoofed address from your domain. However it does allow recipients to perform an spf lookup on your domain to determine if the sending IP address/hostmail matches the DNS SPF record.

Example:
bob@domain.com - sending server is 1.1.1.1

Recipient does SPF lookup: SPF Records for 2.2.2.2

1.1.1.1 <> 2.2.2.2 and the mail will fail the SPF check and end up quarantined or dropped or whatever action is used by the recipient mail filter.
0
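As an added illustration (not part of any post in this thread, and not the posters' code): a small Python sketch of the recipient-side check described in the two answers above, walking the record from the question term by term. The DNS tables are constructed sample data, and the assumption that mail.e-advice.dk resolves to 87.116.17.68 is taken from the question, not verified.

```python
import ipaddress

# Constructed DNS data so the example runs offline. Assumption: the A record
# for mail.e-advice.dk points at the IP given in the question.
A_RECORDS = {"mail.e-advice.dk": ["87.116.17.68"]}
PTR_RECORDS = {"87.116.17.68": ["mail.e-advice.dk"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

ORIGINAL = "v=spf1 a:mail.e-advice.dk ip4:87.116.17.68 ptr:mail.e-advice.dk -all"
SIMPLIFIED = "v=spf1 ip4:87.116.17.68 -all"


def check_spf(record, sender_ip, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Return (result, matching_term) for sender_ip against an SPF record.

    Covers only the terms used in the thread (a:, ip4:, ptr:, all), each with
    an explicit target; anything else is reported as unsupported.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # evaluated left to right, first match wins
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, target = body.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(target, strict=False)
        elif name == "a":
            matched = sender_ip in a_records.get(target, [])
        elif name == "ptr":
            # Reverse lookup of the sender, forward-confirm each returned
            # name, then require it to equal or sit under the target domain.
            matched = any(
                sender_ip in a_records.get(host, [])
                and (host == target or host.endswith("." + target))
                for host in ptr_records.get(sender_ip, [])
            )
        else:
            return ("unsupported", term)
        if matched:
            return (QUALIFIERS[qualifier], term)
    return ("neutral", None)


if __name__ == "__main__":
    for ip in ("87.116.17.68", "1.1.1.1"):
        print(ip, check_spf(ORIGINAL, ip), check_spf(SIMPLIFIED, ip))
```

The ptr: term is the only one that needs both a reverse and a forward lookup per message, which is the extra cost the accepted answer mentions.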
 
LVL 20

Expert Comment

by:carlmd
ID: 39959129
Yes, it will help prevent your recipient sites that check SPF records, from receiving spoofed email from your domain.
0
 

Author Closing Comment

by:morten444
ID: 39959404
Thanks for a detailed answer
0
