Written by 4:43 pm DNS

What is Sender Policy Framework, and how to setup SPF record?

Have you ever received complaining messages from your users about emails sent to them from your email server, without your knowledge? Or maybe the emails you are sending are going directly to the users’ SPAM inbox?

Problems like these can seriously affect your business. Your clients can get phished and send their private information to a fake address which is pretending to be you. This can damage your reputation and can lead to different bans for you.

Understanding Phishing Attack and How to Stay Protected

If you have such problems, then you need a Sender Policy Framework (SPF) to prevent spoofing and improve the reliability of your e-mail server. It is a validation system that verifies the legitimacy of your email server.

To use it you need to create an SPF record for your domain name. It is a type of DNS record that verifies which email server can send emails from the name of the specific domain.

Let’s define SPF record

This is how it looks like:

v=spf1 +a include:cloudns.net ~all

It has different mechanisms:

v=spf1 – shows that it is an SPF record and is the version 1

+a – it is authorization to the host, that it can send emails

include: authorization of the emails, that they can be sent from that particular domain

~all – this shows that, if another server sends an e-mail for your domain, it must be accepted but handled as spam. You can use -all if you want all other servers to be rejected

There can be more mechanisms like:

all – make a match of all local and remote IPs

ip4 – define a particular IPv4 address or a range of IPv4 (example: ip4:192.168.0.1 or ip4:192.168.0.0/24 for a whole network)

ip6 – set a specific IPv6 address or a range of IPv6 (example: ip6:fc00::1 or ip6:fc00::/7 for a whole network)

mx – for each MX record, it specifies all A and AAAA records

Mechanisms can have qualifiers before them:

+ – Pass, the address passed the test, accept the email (example: +mx)

  – Hard Fail, the address failed, don’t accept the email (example: -ip4:192.168.0.1 or -all)

~ – Soft Fail, failed the test but it accept the emails, just tagged them as fails (example: ~all)

? – Neutral, no pass or fail, do whatever, probably accept email (example: ?all)

How to add SPF record

Now when you know what an SPF record is, you can watch the following video tutorial how to add it.

For more information, you can also check our wiki page about SPF record.

The benefits of adding an SPF record are clear, stop the illegal spammers from using your domain name to send a fake email and to be phishing private data. In the other hand, it will reduce dramatically the number of your email that goes directly to SPAM by recipients.

So, do that extra text and add this SPF record to your DNS for additional protection.

(Visited 1,623 times, 2 visits today)
Enjoy this article? Don't forget to share.
Tags: , , , , , , , , , , , , , , Last modified: August 2, 2023
Close