Checking to see if SMTP server is legitimate for a domain

Is there a mechanism in place to authenticate an SMTP server as an authorized or legitimate sender of e-mail for a domain?

Two mechanisms used to check if a mail-sending machine is legitimate for a domain are Sender Policy Framework (SPF) and Sender-ID. SPF provides for using DNS records to define which machines can send mail for a domain. For a good overview, check out the OpenSPF site and the Wikipedia entry on Sender-ID. Sender-ID is a variation on the theme and is essentially a superset of SPF. Sender-ID utilizes the same type of DNS entries but uses them differently to determine whether mail is being sent legitimately. Publishing SPF records for the mail host puts you in a position where the receiver side can verify that the mail came from a legitimate mail sender for the domain. The DNS entries used by SPF and Sender-ID are TXT records that look like mail.yourdomain.com IN TXT “v=spf1 a ~all” . 

There is an online form wizard useful for creating initial SPF DNS entries along with links to FAQs and a list of common mistakes to avoid when creating your records. There are also links to SPF testing tools available there. SPF and Sender-ID are useful tools for providing other domains the ability to determine that your e-mail has been sent from a legitimate mail host. This is becoming more important as more mail services (such as Gmail) implement SPF checks on incoming mail.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Is there a mechanism in place to authenticate an SMTP server as an authorized or legitimate sender of e-mail for a domain?

Two mechanisms used to check if a mail-sending machine is legitimate for a domain are Sender Policy Framework (SPF) and Sender-ID. SPF provides for using DNS records to define which machines can send mail for a domain. For a good overview, check out the OpenSPF site and the Wikipedia entry on Sender-ID. Sender-ID is a variation on the theme and is essentially a superset of SPF. Sender-ID utilizes the same type of DNS entries but uses them differently to determine whether mail is being sent legitimately. Publishing SPF records for the mail host puts you in a position where the receiver side can verify that the mail came from a legitimate mail sender for the domain. The DNS entries used by SPF and Sender-ID are TXT records that look like mail.yourdomain.com IN TXT “v=spf1 a all” . 

There is an online form wizard useful for creating initial SPF DNS entries along with links to FAQs and a list of common mistakes to avoid when creating your records. There are also links to SPF testing tools available there. SPF and Sender-ID are useful tools for providing other domains the ability to determine that your e-mail has been sent from a legitimate mail host. This is becoming more important as more mail services (such as Gmail) implement SPF checks on incoming mail.

Read more about data center in Network World's Data Center section.