Thursday, 29 September 2016

What is SPF and how to set it up for your domain

SPF (Sender Policy Framework) is used as an anti-spoofing system that provides a way for an administrator of a domain to authorize mail servers that can send mail on behalf of the domain. The list of authorized hosts / mail servers are published as TXT records on the domains DNS zone.

For example if mail server 123.456.789.123 sends mail on behalf of domain.com and the mail server that receives the email is able to perform an SPF lookup on domain.com it will verify that 123.456.789.123 is present within the authorized hosts - if it is not it will be rejected, otherwise delivered to the desired recipient.

There are some fallbacks however - as not all mail servers are able to perform SPF lookups - so your milage maye somewhat vary.

Now to setup an SPF record for your domain - this is performed by adding a TXT file to your DNS zone - for example:
v=spf1 mx a ip4:123.456.789.123 ~all
The above instructs SPF aware mail servers that:

- Any MX servers provided in your DNS zone will be able to send mail on behalf of your domain
- In addition the IP 123.456.789.123 will be able to send mail on behalf of your domain
- The tilde (~) symbol instructs the receiving server to mark any mail that has failed SPF validation to be delivered - but be marked.

There are three types of SPF actions:

- Hard Fail: Simply reject (do not deliver) the mail.
- Soft Fail: Deliver the email, although will be marked.
- Neutral: Mails will usually be delivered.

SPFWizard provides a great tool for automatically generating SPF records for your domain.

0 comments:

Post a comment