Technical details for configuring your domain.
Even though we do most of the work for you, some customers find a little more information to be helpful, so this page will provide some basic information on the proper setup for your mail server.
If you have any questions that aren’t addressed below (or you would just like some assistance) feel free to use the Support Form we have made specially for our clients.
You have to tell the Internet to send e-mail addressed to your domain “yourdomain.com” to the SpyderMail service so we can filter it for you and send the clean e-mail to your mail server. To do this you, or your Internet Service Provider (ISP), will have to make a change to the DNS records for your e-mail domain.
Once this change is made to the DNS records there will be a short lag for this change to reach the entire Internet. This time lag is entirely dependent on your Time to Live (TTL) value on the DNS records for your e-mail domain.
When you log into your administration dashboard, you can look on the top right when you’re in https://spydermail.mailanyone.net and you’ll see the “getting started” button.
example-com.mx1-ca.mailanyone.net (where
example.com is replaced by your domain)Once the MX records have changed you can check that they are correct by using the ‘nslookup’ command from a command prompt as per the example below or use a site like http://www.intodns.com/, or http://www.geektools.com/digtool.php to look up the MX record for your domain.
Example – from a DOS or command prompt in windows type the following command:
nslookup -type=mx yourdomain.com
The answer should look similar to the following. (Canadian example shown)
Please contact us once this step has been completed including your Customer ID and Email Domain name. If you have any questions about how to make this change contact us before doing anything that may impact your e-mail.
Once e-mail is flowing through the SpyderMail service, you need to configure your Firewall to allow inbound access from our IP space.
We will send you the correct IP addresses for our delivery servers (and they are also available for you in the management portal).
Currently blocking inbound SMTP traffic? Configure your firewall to only allow inbound SMTP (Port 25) traffic to your mail server from the SpyderMail primary and backup data centers.
Restricting inbound to our delivery servers will stop Spammers from bypassing the protection of the SpyderMail Service by sending Spam directly to your mail server. Don’t forget, spammers can check MX records as easily as we do!
If you don’t have any remote users or they can connect to your mail server via a VPN, WebMail, Remote Desktop or other technique then you can skip this section. If you have remote users that need to send e-mail through your mail server via SMTP then continue reading.
With the application of spam filtering techniques like Sender Policy Framework (SPF) it is getting more and more critical that all e-mail from your domain flow through your mail server so that it does not get blocked as spam. The standard SMTP port used by SpyderMail (TCP 25) should be locked down or firewalled so that spammers don’t try and do an end run around the spam protection offered by SpyderMail – so where does this leave your remote users?
One technique that works well with remote users is to use a second SMTP server or service on a different port (465 and 587 are popular) and require that they authenticate before letting them send e-mail. Your users can then talk through your firewall, be authenticated, and send e-mail to both others in your company or to people outside. These e-mail’s will be coming from your mail server and thus pass the SPF record check and not be blocked as spam.
Sender Policy Framework (SPF), as defined in RFC 4408, is an e-mail validation system designed to prevent e-mail spam by addressing a common vulnerability – source address spoofing.
SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific DNS SPF record in the public DNS. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.
Recipient filtering is important as it protects your server from various types of dictionary attacks, and improves performance due to the fact that it does not have to handle all of the invalid mail sent to your server.
If you could enable this feature it would be greatly appreciated and would increase the security of your domain(s) and mail server.
Following are some Microsoft KB articles on Recipient filtering in Exchange:
There are a number of resources that are available to you as new SpyderMail clients: