SpamTitan & SPF Records

spamtitan-logo

As many of you know, we offer a paid business class spam filtering option called SpamTitan. You may not know, however, that whether or not you pay for inbound SpamTitan filtering all of your outbound email is still filtered by our SpamTitan cluster. If you aren’t familiar with our SpamTitan filtering you can learn more about it or signup for a free trial here.

We began filtering all outbound email through our SpamTitan cluster back in 2012 because we knew how important email delivery was to our clients. Since then we’ve experienced very few issues with our outbound mail IP addresses getting black listed or having a less than excellent reputation.

The vast majority of our outbound spam comes from forwarders that clients have setup to forward their domain’s email to their Gmail or other third party account. The filtering stops a lot of these spam messages from being forwarded and negatively impacting our IP reputation. Occasionally we do also see an email account’s login information having been compromised and used to send spam via SMTP and SpamTitan is able to stop most of these messages from ever leaving our network.

Over the past couple of weeks we’ve further improved upon this setup by adding various alias IP addresses for outbound email delivery. This spreads the outbound delivery load over many different IP addresses so that if for some reason one of them gets blacklisted or a poor reputation we can simply remove it from the pool of usable outbound IP addresses until the issue is resolved. In doing so we do need to make sure that clients utilizing SPF, especially with -all, have a proper record setup.

IMPORTANT: The required SPF record has changed since this post. You can find the most recent SPF record requirements here.

A domain’s SPF record can be easily configured from within the Email Authentication section of cPanel. It’s just a matter of enabling it and making sure the record is correct. If you will be sending email from your domain on our server either via a script, webmail, or SMTP, you need to make sure that you’ve added the spf.gzo.com A record to your SPF record. If you don’t have a SPF record enabled that is fine and you don’t have to worry about any of this. Below you can see a screenshot of the cPanel interface with this having been configured. It may look a little different depending on your chosen theme though we highly recommend Paper Lantern as shown below.

cpane-spf

As you can see there, the important part in your raw record is the “+a:spf.gzo.com” which is added by simply adding “spf.gzo.com” in the “Additional Hosts that send mail for your domains (A)” field. Once you’ve confirmed that your SPF record is absolutely correct we highly recommend selecting the ALL check box near the bottom.

cpanel-spf-all

This option tells recipient mail servers to fully enforce your SPF record and will result in email from unauthorized sources being rejected. If you would like any assistance or clarification concerning any of this please feel free to submit a ticket and we’ll be happy to help.

Leave a Reply