Use SPF to block emails that have spoofed "From" addresses

A common practise of spammers is to spoof an email to appear that it comes from your local domain. Such emails will generally be accepted for delivery. In KMS 6.1.0 it is possible to configure SPF records to block such emails.

First, configure an SPF record for your domain. This is a TXT record that goes into your DNS. A very simple SPF record is as follows:

foobar.com. IN TXT "v=spf1 a mx -all"

This SPF record says that only "A" and "MX" records from foobar.com are allowed to relay email that claims to be from foobar.com. The "-all" part tells email servers to "hard fail" any IP address that fails the SPF check. It is critical to put in the "-all" and not the "~all" which is a soft fail. A soft fail does not block emails.

Next, in KMS 6.1.0, turn on SPF check and tell it to deny emails that fail the check.

For more information on SPF specification: SPF specification is located at: http://www.ietf.org/internet-drafts/draft-schlitt-spf-classic-02.txt