Home | Sitemap | Recent Changes | Login

SPF Logo

Sender Policy Framework

FAQ/Blocking spam

What policies besides SPF should I put in my MTA?

The SPF RFC says that SPF checks are only meaningful in certain situations.

MTAs can block a lot of spam even before SPF checks occur.

Here are some suggestions that will block a lot of spam. Only messages that get past all these rules need to be SPF tested.

  1. The envelope sender domain must have either an A or MX record.
  2. The A or MX record of that sender domain must not be in:
    • 0.0.0.0/8
    • 10.0.0.0/8
    • 127.0.0.0/8
    • 172.16.0.0/12
    • 192.168.0.0/16
  3. The connecting client IP address must have a PTR record.
  4. The HELO hostname must be a well formed FQDN that has an A record, and it must not be your own hostname.

Note that rules 3 and 4 are often violated by legitimate but clueless domains who don't pay attention to these kinds of detail.

You can configure these settings in Postfix at http://www.postfix.org/uce.html