Understanding Email Outsourcing

Portal Home > Knowledgebase > Articles Database > Understanding Email Outsourcing

Posted by Lancia, 07-27-2007, 06:20 PM
I use my dedicated server to host my own large site and web forum, and I want to stop hosting my own email server so I don't have to manage it. I want to use Google Apps for Your Domain to manage my email, pointing my MX records to Google. However, I am not clear on how this will effect PHP scripts sending email on my server. My vBulletin installation sends 1,000+ email notifications every day, which far exceeds Google's 500/day sending limit, so I obviously can't use their SMTP servers. If I'm sending mail from my own server via PHP, though, and my MX records point to Google's, how can vBulletin send an email from an address at my domain? I've been reading up on how email works, but I just can't seem to figure out how this works... Can anyone clarify?
Posted by Jakiao, 07-27-2007, 09:24 PM
Scipts like PHP or Perl don't use your MX record to send mail. Rather, your server will still need to have a binary for sending mail (e.g. sendmail).
Posted by Lancia, 07-27-2007, 09:32 PM
Yes, but I have my vBulletin installation to send email from a specified address (e.g. forums@mydomain.com). What gives it the authorization to send email as a user from my domain, when it's not located at the IP address my DNS records point to? I apologize if this question causes some eye-rolling, but I'm doing my best to learn and understand this.
Posted by Jakiao, 07-28-2007, 12:10 AM
Nothing gives it authorization to send as you. That's why mail forgery is so easy to pull off. The only way to autheticate if an email being sent is valid is by using SPF records (which I highly recommend you do use). In the vBulletin settings, you can tell it what email address to send mail as. If you have any issues, set the "Use -f" setting to "Yes" in the Email Options. So long as sendmail is installed on the server (and it is by default), you could say that your email was being sent from president@whitehouse.gov and that's exactly how it would show up to the receiving party. Do look into SPF records. They're added to your DNS as a TXT record and allow you to specify what makes your email authentic or fake. Like with me, my domain's DNS record has SPF which list exactly which IP's are authorized to send mail as @mydomain.com. People who have their mail servers check the SPF on all incoming mail will get a result from my mail server that says, "If it came from this IP, this IP, or IP/26, or IP/27, then it came from my machines. Otherwise, it may be a forgery." Do check it out. Edit: Proof of this would be when you get spam. I've received spam claiming to have been sent by me to me. Did I send it? No. Did I authorize this email to be sent as me? No. Aside from SPF, is there any way I can try and block this from happening again? No.
Posted by Lancia, 07-28-2007, 01:03 AM
Jakiao, thanks! That really clears things up for me - I suppose that despite everything I have read about how MTA's and email work, I just couldn't accept the fact that an email address would be so easy to forge, and nothing ever explicitly mentioned that. SPF also looks like a great idea - correct me if I'm wrong, but I just need to include the SPF rules in a new TXT DNS record? I can handle that! Once again, thanks for your help and clarification!
Posted by Jakiao, 07-28-2007, 02:28 AM
Check out http://www.openspf.org/ for help on creating SPF rules. Our rules work pretty well for us. Anyone using our servers to send email, either through SMTP or a script, is given validation by our records. Due to ISP limitations of POP3, we had to choose that any violation of our SPF rules are marked as "Soft Fail" (this email -could- be a forgery, but it might not be). Good luck!
Posted by kencox, 07-28-2007, 02:39 AM
Just a quick note when requesting the SPF record to your Host just ask them for a txt record and give them what you created with openspf.org it will make things easier for your request.

Add to Favourites Print this Article