Fortify your email server

Why fortify your email server? Nowadays your email risks being bounced by the receiver for security reasons.

SPF record

SPF (Sender Policy Framework) is a protocol designed to detect and block email spoofing. It is a mechanism by which a receiving email server is told which sources to trust. This information is stored in a TXT record (do not expect an actual SPF record type here) in the DNS zone file for the domain, for example as TXT v=spf1 ip4:

Now any email with an address not originating from is suspect.

This is how Google Mail deals with SPF. First, an email (raw body) without SPF settings:

Received: from ([])
 by with ESMTPS id w11-v6si590606edr.322.2018.
Received-SPF: neutral ( is neither permitted 
nor denied by best guess record for domain of
 spf=neutral ( is neither permitted nor denied 
by best guess record for domain of

Next, the email with an SPF record in the zone file:

Received: from ([])
 by with ESMTPS id p1-v6si1303721edq.94.2018.
 Received-SPF: pass ( domain of designate as permitted sender) client-ip=;
 spf=pass ( domain of designates as permitted sender)

Note the spf=pass.

PTR record

Another thing is setting a PTR (pointer) record. This will allow a so-called reverse lookup. The receiving mail server wants to check if the source from which the email is sent is allowed to act as the mailserver advertised.

If the sending server is with IP number then a new zone file is created for Yes, the numbers in the IP address are reversed and yes, the PTR record is NOT created in the zone file of the domain itself.

The new zone file will then contain a single DNS record: 3600 IN PTR
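The two checks described above (matching the client IP against the ip4 terms of the SPF record, and building the reversed name under which the PTR record lives) can be reproduced offline. This is an added example, not code from the original page; the function names, the record and the addresses (RFC 5737 documentation ranges) are constructed assumptions, and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a bare mechanism means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate the ip4/ip6/all terms of one SPF TXT record for client_ip."""
    ip = ipaddress.ip_address(client_ip)
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no SPF policy
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":                  # catch-all, normally the last term
            return QUALIFIERS[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6") and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"         # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, ... need live DNS lookups and are not evaluated here
    return "neutral"                       # nothing matched and no "all" term

def ptr_name(client_ip):
    """Owner name of the PTR record a receiver queries for client_ip."""
    return ipaddress.ip_address(client_ip).reverse_pointer

# Constructed sample record, not taken from the page.
RECORD = "v=spf1 ip4:192.0.2.25 -all"

if __name__ == "__main__":
    for sender in ("192.0.2.25", "198.51.100.7"):
        print(sender, spf_result(RECORD, sender), ptr_name(sender))
    print("no record:", spf_result(None, "192.0.2.25"))
```

Without a record the function returns "none"; the Gmail header shown earlier reports neutral instead because it falls back to a best-guess record.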

Check the settings on the command-line:

dig -x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61780
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096