Support
- Advanced Backup
- Client Side
- Cloud Enterprise
- ColdFusion
- Control Panel
- cPanel
- Customer Portal
- DNS Information
- Dedicated Servers
- DirectAdmin
- Domain Name
- dotDefender
- Dreamweaver
- Email
- Headers
- Configure iPhone for Email Accounts
- Mac Mail Setup
- Mail Clients
- Netscape Communicator
- Not Sending
- Outlook
- Pop3
- Smtpauthentication
- Spam Policy
- SPF Records
- Spoofing
- Telnet
- Webmail
- Change the number of emails stored on your iPhone
- Create an Email Signature in IncrediMail
- Create an Email Signature in Opera Mail
- Create an Email Signature in Thunderbird
- Adjust Postini Premium Spam Filtering Filter Settings
- Change the default Macmail account for OS X
- Configure iPhone for IMAP email accounts
- Configure iPhone for POP email accounts
- Create Filters in Outlook Express
- Change email ports on an iPhone
- Create an Email Signature in Mac Mail
- Set up Auto Responder in IncrediMail
- Set up your iPhone Email Signature
- Remove Unused SMTP Servers in Mac OS X
- Use Connection Doctor to Diagnose Mac OS X Mail problems
- Set up Auto Responder in Thunderbird
- Deliver quarantined messages in Postini
- Add Email Aliases to Postini
- Change Outgoing Email Port in Mac Mail
- Explanation of Bounceback or Email Error Messages
- Create a Catch-all Email Address
- Create Email Filters in Mac OS X Mail
- Check How Much Disk Space Email is Using
- Set up Email Account in Entourage
- Generate an SPF Record
- Recover Deleted Emails Via Outlook Web Access
- Send Email via Pear Mail for Linux
- View Email Header Information
- Set up Email Account in Opera Mail
- Configure Mac OS X Mail
- Back up Email with Mail for OS X
- Set up Microsoft Outlook 2007 for IMAP Email
- Synchronize Sent Items in Microsoft Outlook with IMAP
- Set up POP3 in IncrediMail
- Leave Email on Mail Server with Entourage
- Leave Email on Mail Server with Mac Mail
- Leave Email on Mail Server with Outlook 2007
- Set up POP3 in Opera Mail
- Import Contacts from Excel or CSV into Outlook
- Set up POP3 in Sea Monkey Mail
- Set up IMAP and POP3 on Droid
- Outlook Error Codes
- Winmail.dat File Attachments
- Set up SmarterMail Email on the iPad
- Unable to Send Mail in Outlook
- Unable to send email through Outlook after installing Norton AntiVirus
- Spam Messages from Your Own Address
- Recover Deleted Items in Outlook 2007
- Creating an Email Signature in Outlook
- Set up outlook to use more than one profile
- Create an Auto Responder in Outlook 2007
- Setting up the K9 Email Client on Android
- Add POP Email Account in Microsoft Outlook 2011 for Mac OS X
- Set up IMAP email on Windows Phone 7
- Set up POP3 mail on Windows Phone 7
- Email Signatures in Outlook 2011 for Mac OS X
- Add IMAP Email Account in Microsoft Outlook 2011 for Mac OS X
- Configure Windows Live Mail for Email
- Configure Junk Email Filtering in Outlook 2011 for Mac
- Configure Email Rules for Outlook 2011
- Clearing Autocomplete Entries in Outlook
- Clear Outlook Filters
- Email Settings for Palm Pre and Pixi
- Change Outlook SMTP Port
- Adding an SSL Cerificate to Dovecot
- Configure Android for POP email accounts
- Configure a Blackberry to Access a SmarterMail Account
- Configure Android for IMAP Email Accounts
- Determining if an E-mail Address is an Alias or User in Exchange Server 2007
- FileCatalyst
- Front Page
- FTP
- General Information
- Hosted Exchange & SharePoint
- IIS6
- IIS7
- Juniper Netscreen Firewalls
- Linux
- List Server
- MIVA Merchant
- MySQL
- Patching / Server Updates
- phpMyAdmin
- Plesk
- Policies and Procedures
- Premium Spam Filtering
- Programming
- Ruby on Rails
- Search Engine Submission
- SharePoint 3
- SharePoint 2010
- SiteDesigner
- SmarterMail 3
- SmarterMail 4
- SmarterMail 5
- SmarterMail 6
- SmarterMail 7
- SmarterStats
- SmarterTrack
- SQL Server
- Secure Socket Layer (SSL)
- Uploading Your Website
- Video Tutorials
- Windows Server 2003
- Windows Server 2008
- Web Design
- WordPress
- Advanced Monitoring
- MediaWiki
- Enkompass
- Microsoft Outlook 2010
- Android
- Outlook Web Access
- Critical Availability Service
- NAS Data Transfer
- Customer Portal Demos
- Joomla
- Moodle
- Cloud Dedicated
- Gallery CMS
- phpBB
- Standard Monitoring
- Righteous Restore
- NAS (Network Attached Storage)
- Networking
- SmarterMail 8
- PCI Security Scan
- LinkTiger
- Windows Cloud VPS
- Linux Cloud VPS
- Linux VPS
- Windows VPS
- Hyper V
- ENSIM
- Alert Logic
- Webmin
- e107
- Vbulletin
- VPN
- Visual Vault
- Mozilla Thunderbird
- PyroCMS
- Active Directory
- Vmware Related
- Drupal
Generate an SPF Record
This article will go over what an SPF record is, what it does, and the various options of the SPF record. It will also go over generating an SPF record for your domain.
Overview
SPF is short for Sender Policy Framework. It is used in an attempt to limit forged emails come from your server. This is commonly referred to as spoofing which you can find more about here: What is email spoofing? While an SPF record cannot 100% for certain stop forged emails, it does help and is part of the solution. It provides domain owners with a way of allowing certain mail sources to send mail while rejecting other mail sources.
When an email is forged, it is coming from a domain that the IP doesn't actually belong to. For example, if you receive an email from forged_user@domain.com, the headers of the email will contain an IP address. At that point, the SPF record queries domain.com (in this case) to make sure the IP address in the headers matches that of which domain.com is allowed to send from or has control over. If domain.com recognizes the sending server, the SPF passes and the mail delivers. If not, it's considered forged and dealt with accordingly.
So in order to set up an SPF record, here's what you need to know. First, gather a list of every domain and IP address that you have control over that sends mail. For example if you have a web server that sends mail and you have a mail server as well, then those are two items to include on your list (the web server, the email server). If you or your clients are sending mail from an ISP's mail server (i.e. using their SMTP servers to send mail through your domain) you'll want to include that as well in the list. If that is a dynamic IP address, you would want to setup an account with No-IP or DynDNS to include in the SPF record so you don't have to change the record often. When gathering the list of domains, there's no reason to list a domain more than once if it resolves to the same IP address (i.e. www.domain.com and domain.com, it suffices to just use domain.com in the record).
Lastly, don't assume. If an incorrect SPF is generated, the SPF may fail and all mail could be rejected. If you're not sure, contact support and we'll help out. Here is a great resource for making sure your SPF record is correct: Common mistakes when creating an SPF record.
Breaking down the SPF record
There are a few parts to an SPF record called mechanisms: a, mx, ptr, ip4, and include.
a: If domain.com has an address record (A or AAAA) that can be resolved to the sender's address, it will match.
mx: If domain.com has an MX record resolving to the sending address, it will match (the mail comes from one of the domain's mail servers).
ptr: If domain.com for the client's address is in the given domain and that domain name resolves to the client's address (forward-confirmed reverse DNS), it will match.
ip4: If the sender is in a given IPv4 address range, it will match.
include: If the included policy passes the test, this mechanism also matches. This is typically used to include other SPF records such as spf.safesecureweb.com (our outbound spam firewall servers) and spf.postini.com (Postini's SPF).
Next, there are qualifiers and each mechanism can be combined with one of the four qualifiers below:
- + for a PASS result. This can be omitted.
- ? for a NEUTRAL result interpreted like NONE (no policy; rarely used).
- ~ for SOFTFAIL, a debugging aid between NEUTRAL and FAIL.
- - for FAIL, the mail should be rejected.
Once you're ready to setup the SPF record in DNS, please contact support. Once the record is setup in DNS, you can validate the SPF.