Saturday, June 19, 2010

How to Install SPF records on a cPanel server

SkyHi @ Saturday, June 19, 2010
Sender Policy Framework (SPF) is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t. While not all spam is forged, virtually all forgeries are spam. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly.

Why do I want to have SPF records for my domains?

Many mail servers are now testing for the presence of SPF records so if you don’t have one your email will probably not be delivered to that server. A good example is Hotmail that is testing for SPF records since 2004.

What syntax should I use?

Now that you have learnt what it is and why you should use it, it’s time to see what syntax you should use.

For SPF to work you have to add to each DNS zone a record similar to this: 14400 IN TXT “v=spf1 a mx -all”

How to install SPF records?

Now that we know what they are and how to write them it’s time to install them.

I’ll divide my presentation in two sections.

In the first one I will teach you how to add a SPF record automatically to newly created accounts and in the second section how to add them to domains that are already setup and don’t have them.

If this is a new cPanel server or you want all the domains that you add on the server from now on to have a SPF record you have to do the fallowing:

  1. Login to WHM using root
  2. Click on Edit Zone Templates and then on “standard”
  3. Add at the end of file:
  4. %domain%. IN TXT “v=spf1 a mx -all” You can replace “v=spf1 a mx -all”

    with the syntax that you decide it’s the best for you.

  5. Repeat step 2 and 3 for the “simple” zone template

That’s it ! From now on all the accounts that you will create on the server will have a SPF record.

Now what do we do with all the accounts that are already created and don’t have a SPF record?

Here is a simple bash script to do this for you.

Run as root the fallowing:

for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done

Wait for it to finish. (it might take a few minutes!).

That’s about it. Hope it helps a lot a people !