To prevent fraudulent senders/phishing abuse, you can create what are known as sender policy framework (SPF) records for a domain. The SPF record of a domain defines which mail servers/IP addresses are allowed to send e-mails from the particular sender domain. Hostpoint checks the incoming mail servers to see whether or not the criteria of this rule have been met.
Let’s take the example of the domain name your-domain.ch.
The DNS has the following SPF record for this domain:
"v=spf1 mx ip4:184.108.40.206/23 -all"
This record can have the type TXT or SPF.
This authorizes the mail server above in the subnet 220.127.116.11/23 to send e-mails with your sender domain @your-domain.ch.
This authorization does not occur when the e-mail is sent but, instead, when it is received by the recipient e-mail server or, in other words, Hostpoint’s incoming mail server, for example.
This now checks whether the mail server that delivered the e-mail is actually authorized to do so. In other words, the IP address of the mail server is compared with the IP address in the SPF record for the domain @your-domain.ch.
If there is a mismatch, this means that the mail server with this IP address that just attempted to deliver the e-mail is not authorized to do so. The e-mail is therefore rejected by Hostpoint because the actual SPF record clearly specifies that no others are permitted to send e-mails (‘-all’).
A well-known example of this happens with gmx.ch or gmx.net:
"v=spf1 ip4:18.104.22.168/23 ip4:22.214.171.124/26 ip4:126.96.36.199/25 ip4:188.8.131.52/27 ip4:184.108.40.206/26 ip4:220.127.116.11/24 -all"
GMX wants its customers to use its own outgoing mail server to send e-mails. If the customer uses an outgoing mail server other than that of GMX, the SPF check fails at the recipient’s end.
Here, too, the ‘-all’ parameter unambiguously issues the instruction that no other mail servers are permitted to send e-mails.
Hostpoint rejects the e-mail in this case. For this reason, please use the outgoing mail server belonging to GMX to send e-mails from your @gmx.ch or @gmx.net e-mail accounts.
To ensure that your e-mails are received by as many hosting providers as possible, we recommend using the outgoing mail server specified by your hosting provider.
Hostpoint customers should use these mail servers.
This will reduce the risk of the e-mails being blocked by the recipient of your e-mails due to a failed SPF check.
There are various ways to view an SPF record, such as on this website:
or by entering the ‘dig’ command:
dig spf your-own-domain.ch
dig txt your-own-domain.ch
Wie sich SPF-Records lesen lassen, finden Sie hier.
Forwarders make the path that an e-mail takes longer. In other words, the message takes a detour through the server set up for the forwarder. For you, this means that a new mail server (i.e. the mail server set up as the forwarder) delivers the e-mail instead of the sender’s outgoing mail server. The problem with this scenario is that the check fails because the IP address of the forwarding server is not listed in the SPF record for the sender domain.
A concrete example:
Wenn das E-Mail bei Hostpoint ankommt, ist der Absender immer noch eine @gmx.ch-Adresse, der Mailserver der aber das E-Mail liefern möchte, ist myhost.ch und entspricht nicht den SPF-Record-Restriktionen von GMX. In diesem Fall wird das E-Mail bei uns abgelehnt.
We basically offer the following solution approaches:
As a hosting provider, Hostpoint uses the SRS solution. You therefore do not have to deal with modifying your address yourself when we forward e-mails for you. It is done automatically. However, this is only the case if the forwarder is set up with Hostpoint.
Follow the instructions to add an SPF Record for your domain.