For example, if mail server 123.456.789.123 sends mail on behalf of domain.com, and the mail server that receives the email is able to perform an SPF lookup on domain.com, it will verify that 123.456.789.123 is present within the authorized hosts. If it is not, the mail will be rejected; otherwise it is delivered to the desired recipient.
There are some caveats, however: not all mail servers are able to perform SPF lookups, so your mileage may vary somewhat.
To set up an SPF record for your domain, add a TXT record to your DNS zone, for example:
v=spf1 mx a ip4:123.456.789.123 ~all
The above instructs SPF-aware mail servers that:
- Any MX servers provided in your DNS zone will be able to send mail on behalf of your domain
- In addition the IP 123.456.789.123 will be able to send mail on behalf of your domain
- The tilde (~) symbol instructs the receiving server to deliver any mail that has failed SPF validation, but to mark it.
There are three types of SPF actions:
- Hard Fail: Simply reject (do not deliver) the mail.
- Soft Fail: Deliver the email, although it will be marked.
- Neutral: Mail will usually be delivered.
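The check a receiving server performs against a record like the one above, as an added example that is not part of the original post. It assumes a constructed offline table in place of real DNS lookups for `mx` and `a`, and uses the documentation address 192.0.2.10 in place of the post's placeholder IP; the function names `parse_spf` and `check_spf` are hypothetical.

```python
import ipaddress

# Constructed offline stand-in for DNS (assumption): the hosts that the
# domain's MX and A records would resolve to. Documentation addresses only.
DNS = {"mx": ["192.0.2.25"], "a": ["192.0.2.80"]}

# Qualifier prefix -> SPF result when the term matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The post's record, with a valid sample IP substituted for the placeholder.
RECORD = "v=spf1 mx a ip4:192.0.2.10 ~all"


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a term without a prefix means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, value = term.partition(":")
        parsed.append((qualifier, mechanism.lower(), value))
    return parsed


def check_spf(record, sender_ip, dns=DNS):
    """Return the SPF result for sender_ip; the first matching term wins."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, value in parse_spf(record):
        if mechanism == "all":
            matched = True
        elif mechanism == "ip4":
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif mechanism in ("mx", "a"):
            # Simplification: only the domain's own MX/A hosts are modelled.
            matched = sender_ip in dns.get(mechanism, [])
        else:
            raise ValueError(f"unsupported mechanism: {mechanism}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.25", "203.0.113.7"):
        print(ip, check_spf(RECORD, ip))
```

Replacing `~all` with `-all` or `?all` in `RECORD` turns the result for an unlisted sender into the hard fail or neutral action from the list above.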
SPFWizard provides a great tool for automatically generating SPF records for your domain.