|Subject:||Sender Policy Framework (SPF)|
|Creation date:||12/14/15 4:35 PM|
|Last modified on:||8/11/17 7:47 AM|
Sender Policy Framework (SPF)
Sender Policy Framework (SPF), formerly Sender Permitted From, is an extension to the SMTP standard. SPF makes it easy to counter most forged "From" addresses in email, and thus helps to counter e-mail spam. The combination is also called SMTP+SPF.
How SPF works
SPF is a mechanism where domain owner's announce where email can come from, for their domain.
This announcement is done through a DNS server. For example, Microsoft
exposes their SPF record in their DNS, which lists a set of IP addresses where an
email can originate if the domain name is microsoft.com
If a message comes from any other IP address it should be considered as a forgery.
Creating an SPF record for your domain
Xeams comes with an SPF wizard that
allows you to create an SPF string. Once the string is created, you need to create a
TXT record in your DSN with this string. Following steps show you how to use this
- Log in to the Admin Console
- Click Tools on the main menu (Do not click any item in the pop-up menu - click Tools itself)
- Scroll down and type your domain name for
SPF Wizard and click
- The generated string must be added in your DNS server as a TXT
Here are some examples if you wish to create records manually.
Assume every out-bound email goes through your email server. In that case, your SPF record will look like:
v=spf1 mx ~all
For the sake of argument, assume you have a third-party company that sends out-bound emails on your behalf and their public IP address is
126.96.36.199. In that case, your SPF record will look like:
v=spf1 mx ip4:188.8.131.52/32 ~all
Taking the above examples one step further, assume you have out-sourced your HR department to another company that also uses SPF and can send emails on your behalf.
The domain name of that company is friendlyHR.com. In that case, the SPF record will become:
v=spf1 mx ip4:184.108.40.206/32 include:friendlyhr.com ~all
Notice the ending
at the end of each record. This means a SOFTFAIL. An alternative approach is to use a
indicates a FAIL. Receiving server will most likely reject any incoming message that fails an SPF test and see a
in the SPF
record. Further analysis will be performed when a
is used before considering it a forged message.
Posted by Joel Simwinga on 8/16/16 9:04 AM
Hi, this post is not so clear, especially after the below points;
"Scroll down and type your domain name for SPF Wizard and click Proceed"
"The generated string must be added in your DNS server as a TXT record"
Are you able to be more precise?
Posted by Vojtech on 9/21/16 2:43 PM
Truth be told, DKIM and DMARC are really necessary feature nowadays. This is something that would really help to filter spam messages a lot.
Posted by Cassio Simoes on 8/20/16 3:45 PM
+1 for dkim, is it supported?
Posted by Alex on 8/23/16 10:28 AM
can you tell us is DKIM is supported by XEAMS?
If yes How can we depploy it?
Posted by Peter on 12/21/16 3:11 PM
For SPF Record, I type my domain name and click Proceed. The next page says "NS Record" and shows some values. How do I add, change, or delete values for NS record?
Posted by David Moore on 11/13/15 9:39 PM
What about DKIM? Can Xeams validate DKIM? I am just learning about DKIM and am looking to put it in place. However I am not 100% how it is truely useful in validation.
Posted by Gert Jürgensen on 9/23/16 2:51 AM
YES DKIM added http://www.xeams.com/DKIM.htm
Thanks, please also add DMARC
And even better add fields/items on message that make it possible in WEBMAIL or Email Clients to see this message has this status/remark for
Example: DMARC - No DKIM, but maybe legit, as SPF are okay.
Add a comment to this document
Do you have a helpful tip related to this document that you'd like to share
with other users? Please add it below. Your name and tip will appear at the
end of the document text.