Tuesday, September 16, 2008

Creating SPF records

Sender Policy Framework (SPF) is a method by which the administrator of a domain explicitly specifies which mailservers are allowed to send mail for that domain. As this is just a TXT record that is put into the domain's DNS zone file, the setup is fairly straightforward. A very basic SPF record for mydomain.com might look like this:

mydomain.com. IN TXT "v=spf1 a mx ~all"

The above specifies that this is an SPF record for mydomain.com:
v=spf1: a required header that indicates this is an SPF record
a: the address(es) in the A record for mydomain.com are allowed to send email
mx: the mailservers in the MX record for mydomain.com are allowed to send email
~all: mail from any other mailserver gets an SPF result of "softfail". The mail will still go through, but it will be treated as a suspect message

If you wish to allow another server, with the hostname mail2.mydomain.com, to send mail, you would modify the record thusly:

mydomain.com. IN TXT "v=spf1 a mx a:mail2.mydomain.com ~all"

Also, if you wish to give a hard fail, and only allow those servers to send mail, the record would look like:

mydomain.com. IN TXT "v=spf1 a mx a:mail2.mydomain.com -all"
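
To see how a receiving server reads these records, here is an added example (not part of the original post) that evaluates the three records above against a sending IP address. It handles only the a, mx and all mechanisms; the DNS table and its addresses are constructed stand-ins for real lookups, and the function names are hypothetical.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (documentation-range IPs).
DNS = {
    "A": {"mydomain.com": ["192.0.2.10"], "mx1.mydomain.com": ["192.0.2.20"],
          "mail2.mydomain.com": ["192.0.2.30"]},
    "MX": {"mydomain.com": ["mx1.mydomain.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def addresses(kind, host):
    """Resolve the hosts an 'a' or 'mx' mechanism authorises to IP addresses."""
    names = DNS["MX"].get(host, []) if kind == "mx" else [host]
    return {ipaddress.ip_address(ip) for n in names for ip in DNS["A"].get(n, [])}

def check_spf(record, domain, sender_ip):
    """Return the SPF result for sender_ip; first matching mechanism wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                     # a bare mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, target = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]    # matches every sender
        if name in ("a", "mx"):
            if ip in addresses(name, target or domain):
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
    return "neutral"                        # nothing matched and no 'all'

BASIC = "v=spf1 a mx ~all"
SOFT = "v=spf1 a mx a:mail2.mydomain.com ~all"
HARD = "v=spf1 a mx a:mail2.mydomain.com -all"

if __name__ == "__main__":
    for rec in (BASIC, SOFT, HARD):
        for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "203.0.113.5"):
            print(f"{rec!r:45} {ip:13} -> {check_spf(rec, 'mydomain.com', ip)}")
```

Note that mail2.mydomain.com only gets a softfail under the basic record, and that the ~all and -all records differ only in how they treat a server that matches nothing.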
