Sender Policy Framework, SPF is used to validate domains from which the e-mail was sent. SPF determines the IP addresses that have authority to send and receive e-mail messages. It also protects users from spammers that manage to forge domains.
In order to create a new SPF record on your DNS, create a new TXT record.
- Use your domain name as a subdomain name. For example, unihost.com
- As a record name, use v=spf1 a mx ~all
In this example, “v=spf1” determines the current SPF version, “a” allows to accept messages from the node that uses the address as the one listed in the A-record of the domain, and “mx” allows to accept emails if the sender is listed in of the mx-records for the domain. The line ends with «~all» — showing that all emails that do not pass this verification will be marked as spam.
These are all the options you can use:
- “v=spf1” – determines the version of SPF;
- “+” – tells the server to accept the mail (Pass). Checked on by default.;
- “-” – tells the server to deny the mail (Fail);
- “~” – tells the server to accept the mail, but mark it as spam (SoftFail);
- “?” – tells the server to disable SPF completely;
- “mx” – includes the list of servers listed in the domains MX-records;
- “ip4” – allows to pinpoint n address or a network of addresses allowed to send messages from the domain;
- “a” – determines how to act when receiving the mail from them ;
- “include” – lists the hostnames that have access;
- “all” – all other servers that are not listed yet;
- “ptr” – checks the PTR-record of the sender’s IP address.;
- “exists” – checks whether or not the domain resolves to any IP-address.
- “redirect” – redirects the SPF record check to another domain;
Using these options, you can create relatively complex SPF records. For example: “v=spf1 mx ip4:22.214.171.124 +a:smtp.mail.ru include:gmail.com ~all”