2

Email Sender Authentication

Came across a very interesting service today while trying to setup Sender Policy Framework (SPF) for my work email domain.

Port25 Solutions*, an email infrastructure software provider, has a service that helps check the sender authenticity of your email service (ie, the SPF settings, DomainKeys, etc) and also the spam rating of your email according to SpamAssassin’s settings.

Basically, it works by sending an email to this address:
[email protected]
The content of the email can be empty, or if you want to test your marketing email or newsletter for “spamminess” against a SpamAssassin filter, you can include it as the email subject and content.

After sending the email, the service will reply with a report detailing your authentication settings and the spam rating of the email that you have sent.

The is a truncated report of my domain before implementing SPF:

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<<a href="mailto:[email protected]">[email protected]</a>>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          neutral
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    neutral
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.brainfart.sg
Source IP:      209.141.57.235
mail-from:      <a href="mailto:[email protected]">[email protected]</a>

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: <a href="mailto:[email protected]">[email protected]</a>
DNS record(s):
    brainfart.sg. SPF (no records)
    brainfart.sg. TXT (no records)

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: <a href="mailto:[email protected]">[email protected]</a>
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         neutral (SPF-Result: None)
ID(s) verified: <a href="mailto:[email protected]">[email protected]</a>
DNS record(s):
    brainfart.sg. SPF (no records)
    brainfart.sg. TXT (no records)

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-0.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
                            [score: 0.3966]
 0.0 HTML_MESSAGE           BODY: HTML included in message

And this is after implementing SPF:

<pre>This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<<a href="mailto:[email protected]">[email protected]</a>>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.brainfart.sg
Source IP:      209.141.57.235
mail-from:      <a href="mailto:[email protected]">[email protected]</a>

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: <a href="mailto:[email protected]">[email protected]</a>
DNS record(s):
    brainfart.sg. SPF (no records)
    brainfart.sg. 86400 IN TXT "v=spf1 mx -all"
    brainfart.sg. 86400 IN MX 10 mail.brainfart.sg.
    mail.brainfart.sg. 85429 IN A 209.141.57.235

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: <a href="mailto:[email protected]">[email protected]</a>
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: <a href="mailto:[email protected]">[email protected]</a>
DNS record(s):
    brainfart.sg. SPF (no records)
    brainfart.sg. 86400 IN TXT "v=spf1 mx -all"
    brainfart.sg. 86400 IN MX 10 mail.brainfart.sg.
    mail.brainfart.sg. 85429 IN A 209.141.57.235

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-1.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message

Pretty nifty eh?

And there is another use for this service that I can foresee, testing end-to-end email connectivity.
After setting up a new email server, you can use this automated service for mail flow testing, sending and receiving of email. And at the same time test your SPF settings.
Cool, ain’t it!

*Note: I am in no way affiliated with Port25 Solutions, I just found this service useful and thought I should share it

Kee Wee

Kee Wee is an IT Specialist specialising in High Availability and Messaging solutions. He is a curious person who likes to build things and figure out how stuff works. This is where he share his thoughts with the world.

2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *