
Spam Emails from My Domain - What to Do?

Started by wellm97, Jun 06, 2023, 12:18 AM


wellm97 (Topic starter)

Let's imagine that there's a domain called domen.com. Recently, I've been getting emails from other mail servers. As a domain administrator, I set up to receive all emails that didn't reach their intended recipients. However, I discovered that spam is being sent from my domain's left mailboxes. Upon checking my spam folder, I found a significant amount of spam that has been directed to me with addresses like F058B94F5@domen.com every 1-2 minutes.

To prevent this from happening, I configured the domain SPF by including _spf.google.com with v=spf1 ~all. This limits the ability of spammers to send emails using my domain, reducing the amount of spam I receive.

naizsmile

To enhance your email's security, I suggest complementing SPF with DKIM including mandatory ADSP. This allows spam-filtering servers to better identify and block malicious emails, ensuring that the sender is verified as you. As for further suggestions, it seems challenging to provide any more in this context.

algocatinima

Although not mandatory, SPF is generally suggested.

To fully comprehend why such mails can be sent, it is important to familiarize oneself with the function of the SMTP protocol.

It's noteworthy that the From field, which appears alongside the sender's name and email address, holds no real significance in comparison to the Subject field.

maariaSemi

The SMTP protocol allows anyone to send an email to any user at any domain within MX.

However, it is possible to receive a letter for yourself from your own IP address, such as 200.204.237.84. As long as you are not specifically prohibited from receiving mail from your domain from other IP addresses in the SPF record, you can receive these emails.

To prevent receiving mail from your domain from unauthorized IP addresses, consider changing the "~all" in the SPF record to "-all". This will indicate that only authorized IP addresses are allowed to send mail on behalf of your domain.

SeniorHonor

Configuring the Sender Policy Framework (SPF) with _spf.google.com and v=spf1 ~all is a step in the right direction to reduce spam sent from your domain. SPF helps validate the origin of emails by specifying which servers are authorized to send emails on behalf of your domain.

However, keep in mind that using "~all" rather than "-all" in your SPF record means that you're not explicitly blocking all other servers from sending emails claiming to be from your domain. This allows some flexibility in case legitimate emails are sent through other servers. However, it can potentially make your domain more susceptible to spoofing.

To further enhance your email security, you may want to consider implementing additional measures such as:

1. Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC): DMARC builds upon SPF and adds another layer of authentication that enforces policies for handling emails that fail SPF and DomainKeys Identified Mail (DKIM) checks.

2. Enabling DKIM: DKIM adds a digital signature to your outgoing emails, allowing receivers to verify the authenticity of the sender and reducing the chance of malicious emails being sent using your domain.

3. Monitoring and regularly reviewing your domain's email activity: Stay vigilant and keep an eye on any suspicious activity originating from your domain. Regularly check the logs and review email headers to identify any potential vulnerabilities.

4. Educating your users: Train your domain users about email best practices and raise awareness about phishing attacks and other email-related security threats. Encourage them to report any suspicious emails they receive.


Here are a few more steps you can take to enhance your email security and prevent spam:

1. Enable DMARC: As mentioned earlier, DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a powerful email authentication protocol. It helps protect against email spoofing by providing instructions on how to handle emails that fail authentication checks. Implementing DMARC with a policy of "p=reject" instructs receiving servers to reject any emails that fail the SPF or DKIM checks.

2. Implement email filtering and anti-spam measures: Consider using robust email filtering solutions or anti-spam software to automatically detect and block spam emails. These tools use various techniques, such as content analysis, reputation checks, and machine learning algorithms, to identify and filter out spam emails before they reach your inbox.

3. Regularly update and patch your email server: Keep your mail server software up to date with the latest security patches to ensure that any known vulnerabilities are addressed promptly. Regular software updates help protect against potential exploits that spammers may use to send unauthorized emails.

4. Use strong, unique passwords for email accounts: Ensure that all email accounts associated with your domain are protected with strong, unique passwords. Weak passwords can be easily cracked, providing unauthorized access to your email system.

5. Monitor and analyze email traffic patterns: Regularly monitor your email traffic patterns to identify any unusual activity or spikes in outgoing emails. Unusual patterns could indicate compromised accounts or rogue scripts being used to send spam from your domain.

6. Consider implementing a mail transfer agent (MTA) that includes built-in spam filtering capabilities: Some MTAs offer built-in spam filtering features that can help reduce the amount of spam reaching your inbox. Configuring these filters appropriately can significantly decrease the impact of unwanted emails.
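
An added example, not part of the posts above: a small Python check of the record settings discussed in this thread (`~all` versus `-all` in SPF, and the DMARC `p=` policy). The record strings and the function names are assumptions constructed for illustration; the code reads the strings directly and does no DNS lookups.

```python
# Added example: audits SPF and DMARC TXT record strings (sample records are constructed).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def audit_spf(record):
    """Return a list of findings for one SPF TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings, lookups, all_result, redirect = [], 0, None, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # default qualifier is "+"
        body = term.lstrip("+-~?").lower()
        name = body.replace("=", ":").split(":")[0].split("/")[0]
        lookups += name in LOOKUP_TERMS          # terms that cost the receiver a DNS query
        redirect = redirect or name == "redirect"
        if name == "all":
            all_result = QUALIFIERS[qualifier]
    if all_result is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_result not in (None, "fail"):
        findings.append(f"'all' gives {all_result}: unlisted senders are not hard-failed")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10")
    return findings

def audit_dmarc(record):
    """Return findings for a DMARC TXT record string (None = no record published)."""
    if not record:
        return ["no DMARC record: receivers have no policy for failing mail"]
    tags = dict(
        (k.strip().lower(), v.strip())
        for k, _, v in (part.partition("=") for part in record.split(";"))
        if k.strip()
    )
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or '(missing)'}: no action is requested for failing mail")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports to monitor abuse")
    return findings

if __name__ == "__main__":
    # Constructed sample: the SPF record described in the first post, and no DMARC record.
    print(audit_spf("v=spf1 include:_spf.google.com ~all"))
    print(audit_dmarc(None))
```
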