
What Is SPF (Sender Policy Framework) and an Overview of SPF Mechanisms

The Meaning of SPF (Sender Policy Framework)

Sender Policy Framework (SPF) is a validation system that allows ISPs and mail servers to check whether incoming mail has been sent from an authorized server. By using the IP address of the sending server and the DNS records of your domain, ISPs can check if the sending server is authorized. If an email comes from an unauthorized sender, it will be marked as spam or moved to junk.

How does SPF work

Connections over the Internet use DNS (Domain Name System) to resolve a domain name to an IP (IPv4) address. Each domain should contain an MX (Mail Exchanger) record in the domain's DNS zone file. The purpose of the MX record is to tell the sending mail server where the target mail server is located.

SPF's job is to publish what amounts to the reverse of the MX DNS records for the mail server. In other words, SPF broadcasts information about the source mail servers that send mail from the domain. The recipient mail server can then check these records published through SPF to ensure that the incoming e-mail comes from a trusted sender or trusted domain.

SPF operates at the level of the SMTP transaction and requires the following information:

  • The MAIL FROM: parameter of the incoming mail
  • The HELO or EHLO parameter of the sending SMTP server (used for Mailer-Daemon bounces, which send a blank MAIL FROM)
  • The IP address of the sending SMTP server

SPF Record Syntax Example

Let's explain a simple SPF record for the domain exampledomain.com:

exampledomain.com. TXT "v=spf1 mx a:ex1.exampledomain.com -all"

The parts of the SPF record mean the following:

  • v=spf1: SPF version 1
  • mx: the incoming mail servers (MXes) of the domain are also authorized to send mail for exampledomain.com
  • a:ex1.exampledomain.com: the machine ex1.exampledomain.com is authorized, too
  • -all: all other machines are not authorized; the "-" qualifier means Fail

SPF Mechanisms

Below is an overview of the SPF qualifier and mechanism syntax that may be included in an SPF record:

  • "+" Pass: the SPF record designates the host as allowed to send. Intended action: accept
  • "-" Fail: the SPF record has designated the host as NOT being allowed to send. Intended action: reject
  • "~" SoftFail: the SPF record has designated the host as NOT being allowed to send, but is in transition. Intended action: accept but mark
  • "?" Neutral: the SPF record specifies explicitly that nothing can be said about validity. Intended action: accept
  • "all" mechanism: this mechanism always matches. It is usually located at the end of the SPF record.
  • "ip4" mechanism: an IPv4 network range. If no prefix length is given, /32 is the default.
  • "ip6" mechanism: an IPv6 network range. If no prefix length is given, /128 is the default.
  • "a" mechanism: all the A records for the domain are tested. If the client IP is found among them, this mechanism matches.
  • "mx" mechanism: all the A records for all the MX records for the domain are tested in order of MX priority.
  • "ptr" mechanism: the hostname or hostnames for the client IP are looked up using PTR queries.
  • "exists" mechanism: performs an A query on the provided domain. If a result is found, this constitutes a match. It doesn't matter what the lookup result is.
  • "include" mechanism: the specified domain is searched for a match. If the lookup does not return a match or an error, processing proceeds to the next directive.
  • "exp" modifier: if an SMTP receiver rejects a message, it can include an explanation.
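To show how a receiver applies the qualifiers and mechanisms above to the exampledomain.com record, here is an added example (not code from the original article). It evaluates the all, ip4, ip6, a and mx mechanisms left to right; the DNS answers, the host name mail.exampledomain.com and the function names are constructed assumptions, and ptr, exists and include are not covered.

```python
import ipaddress

# Constructed DNS answers standing in for live lookups (assumed values, not from the page).
DNS_MX = {"exampledomain.com": ["mail.exampledomain.com"]}
DNS_A = {"mail.exampledomain.com": ["192.0.2.10"],
         "ex1.exampledomain.com": ["192.0.2.20"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) directives."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    directives = []
    for term in terms[1:]:
        qualifier = "+"                       # a missing qualifier means Pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")  # first ':' only, so ip6 values survive
        if "=" in name:                       # modifier such as exp=, not a mechanism
            continue
        directives.append((qualifier, name.lower(), value))
    return directives

def mechanism_matches(name, value, client_ip, domain):
    """Return True when the client IP matches one mechanism."""
    ip = ipaddress.ip_address(client_ip)
    if name == "all":
        return True
    if name in ("ip4", "ip6"):                # bare address defaults to /32 or /128
        return ip in ipaddress.ip_network(value, strict=False)
    if name in ("a", "mx"):
        target = value or domain              # no value means the sender's own domain
        hosts = [target] if name == "a" else DNS_MX.get(target, [])
        return any(ip == ipaddress.ip_address(a)
                   for h in hosts for a in DNS_A.get(h, []))
    raise ValueError(f"unsupported mechanism: {name!r}")

def check_host(record, client_ip, domain):
    """Evaluate directives left to right; the first match decides the result."""
    for qualifier, name, value in parse_spf(record):
        if mechanism_matches(name, value, client_ip, domain):
            return QUALIFIERS[qualifier]
    return "neutral"                          # nothing matched (RFC 7208 default)

RECORD = "v=spf1 mx a:ex1.exampledomain.com -all"  # the record from the article
if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "203.0.113.9"):
        print(ip, check_host(RECORD, ip, "exampledomain.com"))
```

Because evaluation stops at the first match, the position of "all" matters: anything placed after it is never reached.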
XsoftHost Support
