Please enable JavaScript to view this site.
Anti-spoofing tools are designed to help prevent a spammer/hacker from sending spoofed email, disguised as coming from your website.
Sender Policy Framework (SPF) is a DNS text entry that shows the list of servers allowed to send mail for a specific domain.
The SPF record for WebTracker.one is as follows:
The record can be verified at with the google DNS Dig tool.
Emails can be sent by IP address - 104.236.122.237, and by zoho.com, which is the email service that I use. (Note: It is automatically understood that emails for a domain such as webtracker.one can be sent by that domain. In fact, it is recommended that an SPF record not contain “include:domain_name.com” because this can cause a recursive loop.)
Notice that the TXT entry ends with -all, which is preferred to ~all.
~all indicates a soft fail. A soft fail tells email hosts that if a sender is not listed as an allowed sender in the SPF entry, to go ahead and forward the email anyway. The soft fail defeats the purpose of the SPF entry. Instead, a hard fail -all, tells email hosts to block the email from the unauthorized source.
Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was authorized by the owner of that domain.
The DKIM record can be found for any site using the google DNS Dig tool. Here is an example: (Notice that the selector must be known for the lookup. Here the selector is
Domain-based Message Authentication, Reporting and Conformance (DMARC) instructs email providers how to handle an unauthenticated email and where to send reports about authentication failures.
In order to get the DNS entry for a domain with the google DNS Dig tool, you must do the lookup in this format: _dmarc.domain_name.com.
Using the google DNS Dig tool, here is an example:
The DMARC policy (p=…..) can be set to none, quarantine, or reject.
None: Tells the email host to ignore any SPF or DKIM failures and send the email through.
Quarantine: Send questionable emails to the Junk folder.
Reject: Block unauthenticated emails.
I have found that the best tool for doing a quick search to verify the SPF, DKIM, and DMARC records, and to get instructions, is EasyDMARC.
Sender Policy Framework (SPF) is a DNS text entry that shows the list of servers allowed to send mail for a specific domain.
The SPF record for WebTracker.one is as follows:
TXT 'v=spf1 ip4:104.236.122.237 include:zoho.com -all'
The record can be verified at with the google DNS Dig tool.
Emails can be sent by IP address - 104.236.122.237, and by zoho.com, which is the email service that I use. (Note: It is automatically understood that emails for a domain such as webtracker.one can be sent by that domain. In fact, it is recommended that an SPF record not contain “include:domain_name.com” because this can cause a recursive loop.)
Notice that the TXT entry ends with -all, which is preferred to ~all.
~all indicates a soft fail. A soft fail tells email hosts that if a sender is not listed as an allowed sender in the SPF entry, to go ahead and forward the email anyway. The soft fail defeats the purpose of the SPF entry. Instead, a hard fail -all, tells email hosts to block the email from the unauthorized source.
Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was authorized by the owner of that domain.
The DKIM record can be found for any site using the google DNS Dig tool. Here is an example: (Notice that the selector must be known for the lookup. Here the selector is
zmailor
zmail._domainkey.
Domain-based Message Authentication, Reporting and Conformance (DMARC) instructs email providers how to handle an unauthenticated email and where to send reports about authentication failures.
In order to get the DNS entry for a domain with the google DNS Dig tool, you must do the lookup in this format: _dmarc.domain_name.com.
Using the google DNS Dig tool, here is an example:
'v=DMARC1; p=reject; sp=reject; adkim=r; aspf=r'
The DMARC policy (p=…..) can be set to none, quarantine, or reject.
None: Tells the email host to ignore any SPF or DKIM failures and send the email through.
Quarantine: Send questionable emails to the Junk folder.
Reject: Block unauthenticated emails.
I have found that the best tool for doing a quick search to verify the SPF, DKIM, and DMARC records, and to get instructions, is EasyDMARC.
* posted by Robert on Thu, Jul 14, 2022
Site built and hosted by RJdesign.one