Although you do not need an SPF record on your DNS server to evaluate incoming email against SPF policies published on other DNS servers, the best practice is to set up an SPF record on your DNS server. Setting up an SPF record lets other email servers use SPF filtering (if the feature is available on the mail server) to protect against incoming email from forged (spoofed) email addresses that may be associated with your mail server. As SPF records are implemented more widely, SPF filtering will become more effective at identifying spoofed email messages.
About SPF records
SPF records, like MX, A, and PTR records, are included at the DNS domain tree level. These records identify authorized SMTP servers for each domain.An SPF record consists of the SPF version number followed by strings comprised of mechanisms, prefixes, and modifiers. SPF clients ignore TXT records that do not start with the version string v=spf1.
SPF records are evaluated in a two pass process. First, all mechanisms and prefixes are evaluated, then all modifiers are evaluated. Mechanisms are evaluated from left to right. Modifiers are evaluated on the second pass and can occur anywhere in the record. A generic SPF record takes the format of:
version ([prefix] mechanisms) (modifiers)
An example SPF record is:
v=spf1 +a:mail.domain.com/16 +mx +ptr include:anotherdomain.com redirect=exampleredirect.com exp=spf-error -all
This SPF record includes three directives made up of prefixes and mechanisms:
and two modifiers:
Mechanisms identify IP addresses that are authorized to send email from a specified domain. You can use zero or more mechanisms in an SPF record string. Mechanisms usually contain ":" or "/" characters and are case-sensitive. Directives that do not contain "=", ":", or "/" are also mechanisms. Following are mechanism descriptions:
Prefixes designate whether IP addresses pass or fail the SPF lookup test:
Modifiers provide additional SPF query information and can branch SPF processing. They always contain an "=" character and are case-sensitive. SPF includes two possible modifiers, each can be used once:
0 comments:
Post a Comment