1012

Sender Policy Framework

Sender Policy Framework or SPF is an email validation mechanism to detect and prevent email spoofing. An administrator can specify the mail server name or list of servers from which mails will be sending for that domain in its DNS record. SPF data in DNS record will be saved as TXT format. Remote server can check the SPF records while receiving a mail and confirm if that mail was originated from correct MX servers. If not, it can perform the actions specified in qualifiers section.

SPF record can be queried using dig command.

code>dig example.com TXT

And a sample record looks like the below.

example.com. 3600 IN TXT "v=spf1 mx ip4:192.168.1.120 ~all"

Domains can be defined with zero or more mechanisms. Mechanisms can be used to describe the set of hosts which are designated outbound mailers for the domain.

Available mechanisms are all, ip4, ip6, a, mx, ptr, exists, include

Mechanisms can be prefixed with one of four qualifiers:

  • "+" Pass
  • "-" Fail
  • "~" SoftFail
  • "?" Neutral

Leave a Reply