Fortify your email server. But why? Nowadays your email will risk getting bounced by the receiver for security reasons.
SPF (sender policy framework) is a protocol designed to detect and block email spoofing. It is a mechanism in which a receiving email server is told which sources to trust. This information is stored in TXT record (do not expect an actual SPF record here) in the DNS zone file for the domain for example as
mydomain.nl TXT v=spf1 ip4:220.127.116.11
Now any email with an @mydomain.nl address not originating from 18.104.22.168 is suspect.
This is how Google mail deals with SPF, first an email (raw body) without SPF settings:
Received: from vs935.mydomain.nl ([22.214.171.124]) by mx.google.com with ESMTPS id w11-v6si590606edr.322.2018.06.30.03.59.17 Received-SPF: neutral (google.com: 126.96.36.199 is neither permitted nor denied by best guess record for domain of email@example.com) client-ip=188.8.131.52; Authentication-Results: mx.google.com; spf=neutral (google.com: 184.108.40.206 is neither permitted nor denied by best guess record for domain of firstname.lastname@example.org) email@example.com
Next the email with with a SPF record in the zone file
Received: from vs935.mydomain.nl ([220.127.116.11]) by mx.google.com with ESMTPS id p1-v6si1303721edq.94.2018.06.30.13.22.39 Received-SPF: pass (google.com: domain of firstname.lastname@example.org designate 18.104.22.168 as permitted sender) client-ip=22.214.171.124; Authentication-Results: mx.google.com; spf=pass (google.com: domain of email@example.com designates 126.96.36.199 as permitted sender) firstname.lastname@example.org
Note the SPF = pass.
Another thing is setting a PTR (pointer) record. This will allow a so-called reverse lookup. The receiving mail server wants to check if the source from which the email is sent is allowed to act as the mailserver advertised.
If the sending server is vs935.mydomain.nl with IP number 188.8.131.52 then a new zone file is created for 219.20.80.in-addr.arpa. Yes, the numbers in the IP address are reversed and yes, the PTR record is NOT created in the zone file of the domain itself.
The new zone file will then contain a single dns record:
184.108.40.206.in-addr.arpa. 3600 IN PTR vs935.mydomain.nl
Check the settings on the command-line:
dig -x 220.127.116.11 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61780 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;18.104.22.168.in-addr.arpa. IN PTR ;; ANSWER SECTION: 22.214.171.124.in-addr.arpa. 3600 IN PTR vs935.mydomain.nl.