Configure SPF
Foreword
SPF (Sender Policy Framework) is a method to prevent forgery of sender addresses. SPF can be used in mail servers to check whether an incoming email from your domain originates from a host that has been authorized by the administrator of the domain.
Requirements
- Access to the DNS zone of the domain
Set SPF entry
General information on setting DNS records can be found in the article DNS records.
The SPF record determines which IP addresses are authorized to send emails on behalf of your domain.
The following SPF record for the domain example.com authorizes the IPv4 addresses behind its A record, the IPv6 addresses behind its AAAA record, and the IP addresses behind its MX record to send emails for example.com. The -all at the end means that no one else is allowed to send.
| Host | RR-type | Value |
|---|---|---|
| example.com | TXT | v=spf1 a mx -all |

Mechanisms
SPF also supports the following mechanisms:
| Mechanism | Matches when |
|---|---|
| all | always |
| a | an A or AAAA record of the queried (or explicitly specified) domain contains the IP address of the sender |
| mx | an MX record of the queried (or explicitly specified) domain contains the IP address of the sender |
| ip4 | the specified IPv4 address is the IP address of the sender, or the specified IPv4 subnet contains it |
| ip6 | the specified IPv6 address is the IP address of the sender, or the specified IPv6 subnet contains it |
| redirect | the IP address of the sender is legitimized by the SPF record of another domain |
| include | an additional SPF query for the domain specified in the include statement authorizes the IP address of the sender |
| exists | the IP address of the sender is authorized based on the client's connection or other criteria according to RFC 7208 |
Qualifiers
| Qualifier | Result | Description |
|---|---|---|
| + | Pass | the directive defines authorized senders; this is the default, i.e. if no qualifier is specified, + is assumed |
| - | Fail | the directive defines unauthorized senders |
| ~ | SoftFail | the directive defines unauthorized senders, but the receiver should treat this failure leniently; this qualifier is intended for test purposes |
| ? | Neutral | the directive defines senders about whose legitimacy nothing should be said; the sender must be accepted |
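
The following added example (not part of the original article) shows how a receiving server combines mechanisms and qualifiers: directives are checked from left to right, and the first one that matches returns the result of its qualifier. The DNS table, the mailer.example.net record and all function names are constructed for illustration; only all, a, mx, ip4, ip6 and include are handled, and error results are not modelled.

```python
import ipaddress

# Constructed zone data standing in for live DNS lookups (documentation ranges).
DNS = {
    "example.com": {"a": ["192.0.2.10", "2001:db8::10"], "mx": ["192.0.2.25"]},
    "mailer.example.net": {"txt": "v=spf1 ip4:198.51.100.0/24 -all"},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_term(term):
    """Split one directive into (qualifier, mechanism, argument)."""
    qualifier = "+"  # default when no qualifier is written
    if term[0] in RESULTS:
        qualifier, term = term[0], term[1:]
    name, _, arg = term.partition(":")
    return qualifier, name.lower(), arg


def matches(name, arg, ip, domain):
    """Return True if the mechanism matches the sender IP."""
    if name == "all":
        return True
    if name in ("a", "mx"):
        addrs = DNS.get(arg or domain, {}).get(name, [])
        return any(ip == ipaddress.ip_address(a) for a in addrs)
    if name in ("ip4", "ip6"):
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "include":  # matches only if the included record yields pass
        txt = DNS.get(arg, {}).get("txt", "")
        return check_spf(txt, str(ip), arg) == "pass"
    raise ValueError(f"not handled in this sketch: {name}")


def check_spf(record, sender_ip, domain):
    """Evaluate directives left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, name, arg = parse_term(term)
        if matches(name, arg, ip, domain):
            return RESULTS[qualifier]
    return "neutral"  # no directive matched
```

A fail from an included record does not end the evaluation: the include simply does not match, and the outer record continues with its next directive.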