fuzzyfreak

How do I add a domain to my SPF record to only allow them to send from one mailbox account?

I have been asked by a company to configure my SPF record (presumably done through my mail host site i.e. names.co.uk) to allow their domain the ability to send-as on one of our mailboxes.  Their request appears to grant them the ability to send-as on any of our mailboxes, is this the case?  I am not sure how they can only have access to that particular e-mail address e.g. customerservice@mydomain.com.

Thanks
Dan McFadden

SPF has nothing to do with mailboxes.  It is a special DNS record that tells other mail servers, that are SPF aware, what servers are authorized to send emails for specific DNS domains.

Info about SPF:
1. http://www.openspf.org/Project_Overview
2. http://en.wikipedia.org/wiki/Sender_Policy_Framework

If you want to create a SPF record for a domain, you could use the following online wizards to help you create a properly formatted DNS record:

1. http://www.spfwizard.net/
2. http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
 
Dan
You can test out your SPF record using this online tool:

http://mxtoolbox.com/spf.aspx

Dan
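
The point made above, that SPF authorizes sending servers per domain and never looks at the mailbox, shown as an added example (not part of the original thread). The include target `spf.thirdparty.example`, the documentation-range IP addresses, the extra mailbox names and the in-memory zone are constructed assumptions, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled:

```python
import ipaddress

# Constructed sample TXT records (assumed names, documentation IP ranges).
ZONE = {
    "mydomain.com": "v=spf1 ip4:192.0.2.0/24 include:spf.thirdparty.example -all",
    "spf.thirdparty.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Simplified SPF evaluation: only ip4, ip6, include and all are handled."""
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mechanism = term.lstrip("+-~?")
        name, _, arg = mechanism.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the referenced policy returns pass
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def spf_for_sender(ip, mail_from):
    """SPF is evaluated on the envelope sender's domain; the local part is dropped."""
    local_part, _, domain = mail_from.rpartition("@")
    return check_host(ip, domain.lower())


if __name__ == "__main__":
    for sender in ("customerservice@mydomain.com", "ceo@mydomain.com"):
        print(sender, spf_for_sender("198.51.100.25", sender))
```

Once the third party's servers are included in the record, every address at the domain gets the same result from those servers.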
fuzzyfreak

ASKER

Thanks Dan, so in answer to my question "Their request appears to grant them the ability to send-as on any of our mailboxes, is this the case?"
ASKER CERTIFIED SOLUTION
Dan McFadden
Yes, sorry Dan I get that and realise my question should have been rephrased to avoid any mention of mailboxes, however your answer has made it even more clear to me and I appreciate the comprehensive clarification.
What I really wanted to know was, could this be open to abuse? - I am effectively giving this company permission to send through my DNS and look like it is coming from us - I guess it raised my sysadmin alarm bells and wondered if I could put something in place to only allow them to send e-mails that match customerservice@mydomain.com - which, I am assuming will not be possible.
SOLUTION
What I really wanted to know was, could this be open to abuse?
- theoretically yes, it could be abused.  Since this is a third party, who knows what goes on in/on their servers.  There could be any number of things that could allow something to go wrong.  Hardware issues, software issues or misconfigurations... and let's not forget the people managing those servers or the people using them.

wondered if I could put something in place to only allow them to send e-mails that match customerservice@mydomain.com
- see question 4 below.

My questions are:
1. why was this requested?
2. for what purpose will it be utilized?
3. is this an IT use or a Business use case?
4. could you give them an account on your mail server and grant them secure access to it? (think Exchange and OWA)
4a. would this solve the use case?

Dan
Excellent and comprehensive answers to my questions.