Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 11th December 2006, 10:09
sgrayban sgrayban is offline
Junior Member
Join Date: Dec 2006
Posts: 22
Thanks: 0
Thanked 0 Times in 0 Posts
Default SPF and the difference between fail and soft fail

Ever looked at your SPF records that ISPConfig creates for you? Remember that last critical question it asked when you created it?
"Do the above entries contain all hosts allowed to send emails for this domain?"
When you answer 'yes' it sets the 'softfail' setting which isn't always a good thing. The softfail is "~all" which means that your domain can still be spoofed because most email servers allow mail to still go through with that error.

A complete fail is "-all" which means if it doesn't come from any of the assigned IP's or MX its fake and do not trust it.

I changed the default behaviour from ~all to -all since that would be the correct way to do it now. SPF is very stable and there is no real reason to allow a 'softfail' or 'tempfail' to happen still. That was the old way to do it while SPF was still in beta and it isn't anymore.

If you want to change the default way edit the file
search for '~all' and change to '-all'. It's around line 258.
    if($spfrecord['all_'] == 1){
      $spf .= '-all';
    } else {
      $spf .= '?all';
That's it. Now if email is sent from outside the defined settings receiving email servers that check for SPF will discard and fail the email and prevent spoofing of your domains by spammers.
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 15:57.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.