Tag Archives: mail

DKIM Signing and Mail filtering

Spam is always a concern when you have email. We have successfully integrated DKIM signing to our email system. As it can break mail delivery this is not done automatically. DNS records need to be in place for it to work properly. Thus if you’re hosted at CLDMV please contact us in order to help you with the process of setting up DKIM.

Next upgrade we have put in place is our own custom mail filter. Right now there isn’t much to it but injecting a header into emails to show it working. But soon there will be SMTP Relay limits (used to prevent compromised emails from flooding emails outbound), Custom spam filtering though DB rules, and probably some other things which I’m not thinking of currently.

The two main issues we had with putting our own Filter in place was the ability to maintain our Anti-Virus and Spam systems that were already in place while also being able to provide a second content filter. After many hours and tons of caffeine we were able to produce a system which kept our current system intact while adding the secondary system on top of it. As always Security in this manner was a great concern. Especially considering we would be handling external content. Several limitations are at play in current mail systems which caused us to create innovate techniques in order to send emails to our own system securely. We even attempted to hack our own mail server through emails and were unsuccessful.

DNS Mail Settings

While most people never have an issue with their emails. One of the most basic ways to help prevent being black listed and prevent spam from being spoofed from your domain name is to set up SPF records.

Here is http://cldmv.net/ SPF record:

We’ll go over what each of the portions mean now.

v=spf1

This specifies what version the SPF is. Currently the only version supported is spf1.

mx

Specifies that email originating from MX records of the domain name may send email as well.

ptr

Allows any sub domain of the domain to send out email. This can be spoofed but not very easily. Generally someone would need to have access to your DNS records to change this. Also if you have an A Record with “*” pointing to your server this helps prevent this as well.

include:cldmv.net

Specifies that any domain ending in cldmv.net may send email for the domain as well. Generally this would be for your hosting provider to determine based upon their setup.

-all

Notice the negative sign. It tells servers which follow SPF to reject all emails which do not meet the previously set rules.

Anyone hosting email with CLDMV should set their MX record to mx.cldmv.net as well as add the following txt record in order to insure emails are sent and recieved following SPF.