Spf
The Sender Policy Framework
Read up on the Sender Policy Framework.
Why?
There's nothing stopping someone from pretending to send mail from a fake address.
A scammer might send an from ceo@megacorp.com as follows:
Please send me $10,000 to my temporary bank account 0123456789.
How can we determine if sender's email address is fake or real? Sender Policy
Framework (SPF) is one tool.
What it does
SPF is a system that your mail server uses to check if the sender of the email
comes from the right server.
Almost all mail servers will check for SPF records. So, if you don't want your mail
to be marked as spam or phishing, you will want to set up proper DNS records.
How it works
|| border=1 width=100%25 class="sortable simpletable"
||# Qualifier ||# Result ||# Meaning ||# Action ||
|| + || Pass || Can send || Accept ||
|| - || Fail || Cannot send || Reject ||
|| ~ || SoftFail || Cannot send but still in transition || Accept but mark ||
|| ? || Neutral || Neutral || Accept ||
|| || None || No matching SPF record || Accept ||
|| || PermError || Error (bad SPF record) || Unknown ||
|| || TempError || Temporary Error || ? ||
|| border=1 width=100%25 class="sortable simpletable"
||# Mechanism ||# Meaning ||
|| all || Always matches ||
|| ip4:
/|| ip6:
/|| a:
|| mx:
|| border=1 width=100%25 class="sortable simpletable"
||# Record ||# Meaning ||
|| "v=spf1 mx -all"
|| Allow MXes to send mail, deny all others. ||
|| "v=spf1 -all"
|| The domain cannot send any mail. ||
|| "v=spf1 +all"
|| Anyone can send mail for this domain (SPF becomes useless) ||
|| "v=spf1 ip4:192.168.0.1/24 -all"
|| IPs between 192.168.0.1 and 192.168.0.255 can send ||
|| "v=spf1 ip6:2001:db8::/96 -all"
|| The IPv6 subnet 2001:db8::/96 can send ||
|| "v=spf1 a -all"
|| IPs from current domain can send mail ||
|| "v=spf1 a:example.com -all"
|| IPs from example.com can send mail ||
|| "v=spf1 mx mx:mail.example.com -all"
|| IPs from MX servers for current domain and mail.example.com can send ||