Email Security: How can I create SPF record on DNS server?
10/29/2024 1,081 People found this article helpful 491,576 Views
Description
Email Security: How to create SPF record on DNS server
Resolution
To create an SPF record for a domain.
- Login into your Admin Console that manages DNS for your domain.
- Navigate to the configuration page where you can make changes to your DNS records.
- Create a TXT record using some of the following mechanisms to define the trusted sources allowed to relay email for your domain.
EXAMPLE:
"v=spf1 ip4:192.168.6.112 /16 -all".
"v=spf1 ip6:1080::8:800:200C:417A/96 -all".
"v=spf1 a:example.com -all".
"v=spf1 mx mx:example.domain.com -all".
"v=spf1 ptr -all".
"v=spf1 exists:example.com -all".
"v=spf1 include:example.com -all"
Mechanism.
- all :This always goes at the end of the SPF record and specifies that the condition always matches .
- ip4 :This specifies the condition to use IPV4 network range./32 is assumed if no prefix-length is given.
- ip6 :This specifies that IPV6 network range is used. /128 is assumed if no prefix length is defined.
- a :This specifies that all A records be tested and the condition matches if the client IP is found.
- mx :This defines all A records of all MX records be tested in the order of priority. The condition passes if the client IP is found among them.
- Ptr: Hostname is validated by PTR queries and the condition passes if at least one A record of a PTR hostname matches the original client IP.
- Include :This specifies the defined domain be searched for a match. If the lookup does not result in a match or permerror, the query proceeds to the next condition.
EXAMPLE: v=spf1 mx:messages.sonicwall.com -all.
When creating an SPF record that uses the ~all instead of all, you are specifying a softfail whereas the all would result in a hard fail if the conditions of the SPF record are not matching.
- "+" Pass The SPF record states that the host is permitted to send.
- "-" Fail The SPF record states that the host is NOT permitted to send.
- "~" SoftFail The SPF record states that the host is NOT permitted to send but is in transition.
- "?" Neutral The SPF record states explicitly that no judgement is made on the validity of the host
NOTE: Save your settings. DNS records can take up to 48 hours to propagate.
For more reference you can refer to: http://www.open-spf.org/SPF_Record_Syntax
Related Articles
Categories
Was This Article Helpful?
YESNO