SMTP – SPF

spfAfter DMARC, the next in the spam fighting triangle (DKIM being the third) is SPF.

A SPF record (Sender Policy Framework) was originally to help the fight against SPAM but quickly became obsolete. Nevertheless we still need it for most providers like Gmail and Outlook.com.

So, although its kind of useless, we still need to configure it!

First of all, create a reversed DNS at your VPS ISP. Your FQDN (for example) mailserver.yourdomain.com resolves to your IP numbers (IPv4 and IPv6) and you should make sure your IP numbers also point to mailserver.yourdomain.com.

Secondly, create the record. Just create a ‘neutral’ record like below.

@ 5 MIN TXT v=spf1 a:mailserver.yourdomain.com include:_spf.aprovider.email ?all

Often includes are necessary to tell the outside world which cluster of servers are allowed to send email for the domain. A SPF record then can look more like below.

@ 5 MIN TXT v=spf1 a:server.anotherdomain.com a:anotherserver.domainabc.com ip4:101.62.201.67 ip4:66.101.203.1 include:_spf.aprovider.email include:spf.mailjet.com include:_spf.google.com ~all

Includes come at the end.

Complete series: Backscatter check, DMARC, SPF, DKIM with Postfix, DKIM with Postfix and rspamd, DKIM with DirectAdmin and Exim and SMTP checks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.