SPF Records - How To
Last modified on 27 September 2013 09:54 AM
What is SPF?
Sender Policy Framework is an email validation system designed to prevent sender address forgery (spoofing). It is very easy to spoof email, because there is no authorization method inherent to the core email protocols. SPF, while not a direct spam-prevention tool, gives domain holders a way to protect the reputation of their mail server. Not using SPF records puts your domain at risk of being used as a "cover" by hackers or spammers looking to engage in illicit emailing behaviors.
SPF allows the owners of domains to define exactly how email is to be sent from their servers by specifying authorized mail servers. Domain owners/administrators publish this information in an SPF record on their DNS servers. Whenever someone else's mail server receives a message that claims to originate from a domain with a published SPF record, it will check whether that message complies with the sender's stated policy. If the message comes from an unauthorized server, it can be rejected as fake.
Generating and Publishing SPF Records
If you do not directly manage your DNS records, the quickest way to a solution is to call your Internet Service Provider and let them take care of it. Be aware that it may take a day or so for the work they do to take effect.
If you do manage your own DNS server, you will need to publish your SPF record as a record of type TXT in your domain's public DNS. Microsoft provides a handy SPF record wizard if you would like assistance creating your own records. Simply follow the instructions on the page to generate an SPF record for your domain. The process for publishing DNS records varies greatly from provider to provider. For instructions specific to your domain, you will need to contact your DNS provider or domain registrar.
You should publish an SPF record for each of your domains that has an A record, an MX record, or both.
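A pre-publication check for the TXT record described above, as an added example that is not part of the original article: it flags conditions that receivers treat as errors under RFC 7208 (duplicate records, more than 10 DNS-querying terms) along with common mistakes. The function name lint_spf and the sample records are assumptions constructed for illustration.

```python
# Terms that make the receiving server perform a DNS query (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


def lint_spf(txt_records):
    """Return a list of problems found in a domain's TXT record strings."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no record starting with v=spf1"]
    if len(spf) > 1:
        return ["multiple v=spf1 records: receivers return permerror"]

    record = spf[0]
    terms = record.split()[1:]
    names = []
    for term in terms:
        # Drop the qualifier (+ - ~ ?), then cut at the first ':', '/' or '='.
        bare = term.lstrip("+-~?").lower()
        for sep in ":/=":
            bare = bare.split(sep)[0]
        names.append(bare)

    problems = []
    if len(record.encode()) > 255:
        problems.append("longer than 255 bytes: must be split into several strings")
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-querying terms, limit is {MAX_LOOKUPS}")
    if "ptr" in names:
        problems.append("ptr mechanism is discouraged")
    if "all" in names:
        # Only an exp= modifier is still used once 'all' has matched.
        trailing = [n for n in names[names.index("all") + 1:] if n != "exp"]
        if trailing:
            problems.append("terms after 'all' are never evaluated")
    elif "redirect" not in names:
        problems.append("no 'all' or redirect: unmatched senders get neutral")
    if any(t.lower() in ("all", "+all") for t in terms):
        problems.append("+all authorizes every server on the Internet")
    return problems


if __name__ == "__main__":
    # Constructed sample records using documentation address ranges.
    for rec in ("v=spf1 mx ip4:192.0.2.0/24 -all", "v=spf1 -all mx", "v=spf1 +all"):
        print(rec, "->", lint_spf([rec]) or "ok")
```

Pass every TXT string published at the domain, not only the SPF one, so that a second v=spf1 record left over from an earlier setup is caught.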
Anatomy of an SPF Record
The following example of an SPF Record was drawn from the homepage for the SPF project, www.openspf.org.
"Let's look at an example to give you an idea of how SPF works. Bob owns the domain example.net. He also sometimes sends mail through his GMail account and contacted GMail's support to identify the correct SPF record for GMail. Since he often receives bounces about messages he didn't send, he decides to publish an SPF record in order to reduce the abuse of his domain in e-mail envelopes:
The parts of the SPF record mean the following:
This example demonstrates but a small part of SPF's expressiveness. Do not take it as a guideline for building your own record — things might not work out as you expect and legitimate messages might get blocked!"
Additional SPF record syntax information can be found at: http://www.openspf.org/SPF_Record_Syntax#all