What is the SPF? How to configure and use SPF?
Posted by Jeff Ball on 08 February 2007 06:55 AM
SPF is Sender Policy Framework|
SPF fights return-path address forgery and makes it easier to identify spoofs.
Domain owners identify sending mail servers in DNS.
SMTP receivers verify the envelope sender address against this information, and can distinguish authentic messages from forgeries
before any message data is transmitted.
SPF is implemented at the level of DNS TXT records and SMTP server.
Detailed information about SPF record sytax is available at
SPF is included in plans as a regular resource with plan edit wizards.
To access SPF configuration form please select Mail Servers from the
E.Manager menu > Action > At the bottom of the page you will find
SPF/SRS configuration form. Set there required options.
Once the SPF resource is enabled in H-Sphere, DNS TXT records will be
provided for each A and MX records in E.Manager->DNS Manager.
DNS TXT records have the following format:
domain.com IN TXT "v=spf1 spf_string"
Here, spf1 is SPF version, and spf_string takes the combination of the
so-called mechanisms: "a, ptr, mx, ip4, include, all". all is a
finalizing mechanism and must be placed at the end.
Each mechanism may have a prefix pointing to a certain type of
- fail (message is rejected)
~ softfail (message is passed with warning)
+ pass (message is passed - the default prefix value)
The simplest (and most popular) SPF record will be:
domain.com IN TXT "v=spf1 mx -all"
This mean that mail from firstname.lastname@example.org can be sent only from his
MX record. There can be used other options.
If other servers send mail from domain.com, you can describe them by
giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes
domain names and approves all the MX servers of these domains.
"v=spf1 a mx a:test.com -all"
Mail can be sent from his MX and from test.com server.