Record SPF (Sender Policy Framework) allows you to check the host SMTP mail servers, the server sends e-mails from a given domain is authorized to do. It is in fact plain text record. To ensure compatibility with older implementations of servers / clients DNS domain should be 2 SPF records that contain exactly the same value, one type of SPF, and the second TXT.
Suppose, for example, that your domain example.com uses Gmail. You create an SPF record that identifies the mail servers as authorized Google Apps mail servers for that domain. When the recipient's mail server receives a message sent from the account user @ example.com, you may check the SPF record for the domain example.com, to determine if the message comes from an authorized mail server. If the message comes from a server other than the Google Apps mail servers listed in the SPF record, the recipient's mail server can reject it as spam.
If your domain has no SPF record, messages from users from that domain can be rejected by some of the recipients domain because it is not possible to check whether the message came from an authorized mail server.
Qualifiers
The qualifier is a single sign placed before the definition of the mechanism:
| Qualifier | Description |
|---|---|
| "+" - PASS | indicates that the data source is authorized to send mail from the domain. If prior to the determination of the mechanism does not have a qualifier, it is assumed that it is "+". |
| "?" - NEUTRAL | This source will be treated as if it was not him at all ... |
| "~" - SOFTFAIL | Maile from this source will be rejected or accepted, but marked as SPAM. |
| "-" - FAIL | Messages from this source will always be rejected. |
Mechanisms
Immediately after the qualifier is the "mechanism" that is, to identify the source:| Mechanizm | Description |
|---|---|
| ip4: 192,168,137,101 | IPv4 Address - 192,168,137,101 |
| ip6: 2001: db8 :: 1428: 57ab | Ipv6 Address - an Ipv6: 2001: db8 :: 1428: 57ab |
| a | Each record for a domain |
| mx | Each SMTP server accepting mail for this domain |
| all | Each host on the Internet |
Examples
a/example.com. IN TXT "v = spf1 mx -all"
Each SMTP server is accepting mail for the domain przykladowa.local. may also be sent. Mail coming from other hosts across the Internet will be rejected.
b/
example.com. IN TXT "v = spf1 a -all"
Mail originating from any host in the domain will be accepted. On the other rejected.
c/
example.com. IN TXT "v = spf1 ip4:192,168,137,101 -all"
Incoming IP 192,168,168,137,101 will be accepted. Other messages rejected.
d/
example.com. IN TXT "v = spf1 a mx ip4:192,168,137,202 -all"
Incoming mail from any host in the domain, the SMTP server receiving the mail and IP 192,168,137,102 will be accepted. The remainder will be rejected.
e/
example.com. IN TXT "v = spf1 mx -ip4:192,168,137,101 -all"
Incoming mail from any SMTP server receiving the mail, bypassing the host IP 192,168,137,101 will be accepted. The remainder will be rejected.
Notes
Full syntax: http://www.openspf.org/SPF_Record_Syntax
Validator: http://www.kitterman.com/spf/validate.html
Generator: http://www.spfwizard.net/
How to add SPF in your domain: http://kb.mediatemple.net/questions/658/How+can+I+create+an+SPF+record+for+my+domain%3F#gs
No comments:
Post a Comment