Sender Policy Framework

FAQ/Blocking spam

What policies besides SPF should I put in my MTA?

The SPF RFC says that SPF checks are only meaningful in certain situations.

MTAs can block a lot of spam even before SPF checks occur.

Here are some suggestions that will block a lot of spam. Only messages that get past all these rules need to be SPF tested.

The envelope sender domain must have either an A or MX record.
The A or MX record of that sender domain must not be in:
- 0.0.0.0/8
- 10.0.0.0/8
- 127.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
The connecting client IP address must have a PTR record.
The HELO hostname must be a well formed FQDN that has an A record, and it must not be your own hostname.

Note that rules 3 and 4 are often violated by legitimate but clueless domains who don't pay attention to these kinds of detail.

You can configure these settings in Postfix at http://www.postfix.org/uce.html

Unless noted otherwise, all content on this website is dual-licensed under the GNU GPL v2 and the Creative Commons CC BY-SA 2.5.
The openspf.org domain name was donated by James Couzens, and related domain names by John Pinkerton. Thanks!

Sender Policy Framework

FAQ/Blocking spam

What policies besides SPF should I put in my MTA?

The SPF Project

Documentation

Support