How do I set up SPF to block one domain but not others?

Elo all,

I have a google apps account that runs on an old domain name - example.old - that is no longer used. I don't want anything to be able to send from example.old any more. Primarily its the old brand, but also we have been getting a fair bit of spoofing happening on it recently - even though I've done everything else I can think of to prevent it.

I also have several other domains - example.new and exemplum.new - that I do want to be able to send from. Unfortunately, my current SPF setup makes most messages sent by example.new and exemplum.new go to a recipients spam bos, or just bounce straight back.

How do I set up SPF so that it blocks emails sent from example.old but not emails from example.new and exemplum.new?

TY MUCHLY! :D

James

James Geddes

Posted 2015-09-25T09:48:12.763

Reputation: 141

In principle there should be no connection or link between the SPF records for different domains. So you'll have to tell us what you're doing to link them so that we can tell you how to undo it. – Mike Scott – 2015-09-25T10:01:25.130

Answers

In SPF, each domain can have it's own SPF record. Setup one for example.old that looks like this

v=spf1 -all

That means basically, that this domain should never send emails. If someone receives an email from someone@example.old, the receiving mail server should reject the email.

All other domains get their individual SPF records that mention the authorized senders, like for example

v=spf1 a mx include:thatcloudprovider.xyz -all

The only thing you cannot do in your scenario is, setting up only one SPF record, like for example in _spf.example.main and have all domains redirecting to it like v=spf1 redirect=_spf.example.main which would otherwise be a good practice of DRY ("Don't Repeat Yourself").

SPF Guru

Posted 2015-09-25T09:48:12.763

Reputation: 21

Set up a different SPF record for example.old as compared to the other two domains.

For example.old, use -all in your SPF record to help ensure everything sent from it fails.

sa289

Posted 2015-09-25T09:48:12.763

Reputation: 313