Stopping Fraudulent Spam with SPF

I use DirectAdmin for server management. Recently, a lot of spam has been sent that appears to be from users at However, no email is sent from, so this spam is fraudulent and the “From” header is forged.

I have no way to prevent senders from forging their “From” addresses to make it appear that their spam is coming from my domain. However, SPF aims to change that.

I’ve tried to implement SPF on my domain and make it more stringent. DirectAdmin’s default SPF record looks like this:
|DOMAIN|. IN TXT "v=spf1 a mx ip4:|SERVER_IP| ?all"
I decided to change the SPF string to the much more strict:
"v=spf1 ~all"
This should mean that no email is expected to be sent from For all communications I will instead use Gmail or some other provider that knows how to manage all this email business. It’s tricky business, and hard to work with. Fighting spam is, I suspect, one of the most difficult aspects of managing a server. Anyone have any insight?

Leave a Reply