Document information

Document ID:4555
Subject:Sender Policy Framework (SPF)
Creation date:12/14/15 4:35 PM
Last modified on:8/11/17 7:47 AM


Sender Policy Framework (SPF)

Sender Policy Framework (SPF), formerly Sender Permitted From, is an extension to the  SMTP standard. SPF makes it easy to counter most forged "From" addresses in email, and thus helps to counter e-mail spam. The combination is also called SMTP+SPF.

How SPF works

SPF is a mechanism where domain owner's announce where email can come from, for their domain. This announcement is done through a DNS server. For example, Microsoft exposes their SPF record in their DNS, which lists a set of IP addresses where an email can originate if the domain name is microsoft.com. If a message comes from any other IP address it should be considered as a forgery.

Creating an SPF record for your domain

Xeams comes with an SPF wizard that allows you to create an SPF string. Once the string is created, you need to create a TXT record in your DSN with this string. Following steps show you how to use this wizard.
  • Log in to the Admin Console
  • Click Tools on the main menu (Do not click any item in the pop-up menu - click Tools itself)
  • Scroll down and type your domain name for SPF Wizard and click Proceed
  • The generated string must be added in your DNS server as a TXT record

Screenshot for SPF wizard

Examples

Here are some examples if you wish to create records manually.

Example 1:

Assume every out-bound email goes through your email server. In that case, your SPF record will look like:
v=spf1 mx ~all

Example 2:

For the sake of argument, assume you have a third-party company that sends out-bound emails on your behalf and their public IP address is 201.202.203.204. In that case, your SPF record will look like:
v=spf1 mx ip4:201.202.203.204/32 ~all

Example 3:

Taking the above examples one step further, assume you have out-sourced your HR department to another company that also uses SPF and can send emails on your behalf. The domain name of that company is friendlyHR.com. In that case, the SPF record will become:
v=spf1  mx ip4:201.202.203.204/32 include:friendlyhr.com ~all
Notice the ending ~all at the end of each record. This means a SOFTFAIL. An alternative approach is to use a -all, which indicates a FAIL. Receiving server will most likely reject any incoming message that fails an SPF test and see a -all in the SPF record. Further analysis will be performed when a ~all is used before considering it a forged message.

Related Links



User comments

Posted by Joel Simwinga on 8/16/16 9:04 AM

Hi, this post is not so clear, especially after the below points; "Scroll down and type your domain name for SPF Wizard and click Proceed" "The generated string must be added in your DNS server as a TXT record" Are you able to be more precise?

Posted by Vojtech on 9/21/16 2:43 PM

Truth be told, DKIM and DMARC are really necessary feature nowadays. This is something that would really help to filter spam messages a lot.

Posted by Cassio Simoes on 8/20/16 3:45 PM

+1 for dkim, is it supported?

Posted by Alex on 8/23/16 10:28 AM

Hello, can you tell us is DKIM is supported by XEAMS? If yes How can we depploy it? Thanks

Posted by Peter on 12/21/16 3:11 PM

For SPF Record, I type my domain name and click Proceed. The next page says "NS Record" and shows some values. How do I add, change, or delete values for NS record?

Posted by David Moore on 11/13/15 9:39 PM

What about DKIM? Can Xeams validate DKIM? I am just learning about DKIM and am looking to put it in place. However I am not 100% how it is truely useful in validation.

Posted by Gert Jürgensen on 9/23/16 2:51 AM

YES DKIM added http://www.xeams.com/DKIM.htm Thanks, please also add DMARC And even better add fields/items on message that make it possible in WEBMAIL or Email Clients to see this message has this status/remark for Antivirus SPF DKIM DMARC Example: DMARC - No DKIM, but maybe legit, as SPF are okay.


Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters