SPF is a cryptographic protocol which identifies email spoofing by allowing the receiving mail server to check if the sender is authorized by the email domain administrator to send emails for the specific email domain.
Frequently Ask Question
What is SPF?
An SPF record is a TXT record that is part of a domain’s DNS (Domain Name Service). An SPF record lists all authorized IP addresses / hostnames that are permitted to send email on behalf of your domain. The Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain.
How to create the SPF record?
1. Collect all the IP addresses that are used to send emails.
The SPF gives the ability to authenticate your email and to specify which IP addresses are allowed to send email on behalf of the specific domain.
2. Gather all the sending email servers.
It is important to create SPF records for all the domains you control, even the ones you’re not mailing from.
3. Create SPF record.
After defining your SPF record your record might look something like this: For example : v=spf1 ip4:126.96.36.199 ip4:188.8.131.52 include:example.com -all
For domains that aren’t sending email, you can publish the following record. v=spf1 -all
4. Publish your SPF record in your DNS.
Finally, after defining your SPF record it’s time to publish the record into your DNS.
What is the best practise for SPF?
DNS lookup for SPF record should not exceed 10 DNS lookup. If you have more than ten lookups in your record, a permanent error could be returned during the SPF authentication process. DMARC treats that as fail since it's a permanent error, and all SPF permanent errors are interpreted as fail by DMARC.
SPF was the first email authentication scheme to achieve widespread adoption, but it’s not the only one out there. SPF authentication is most effective when deployed in combination with other anti-fraud techniques such as DMARC.
What are the limitations of the SPF record?
Let’s first see what SPF does and what it does not:
Does : SPF authenticates the sending server of the email based on the sending IPv4/IPv6 address.SPF focuses on a header that is not visible to the end-user (Return-Path, MAIL FROM, Envelope-From, Bounce address, HELO/EHLO).
Does not : SPF does not require any alignment between the end-user's visible domain and the typically invisible Return-Path that it checks.SPF does not provide any reporting functionality for the receiver to send back to the sender with the results of the email authentication.SPF does not survive forwarding and indirect mail-flows.SPF does not tell the receiving server what it should do with an email that failed SPF. For example, senders can publish “-all” but this has never been honoured byreceivers, as SPF breaks easily, and this would cause legitimate emails to be rejected.
SPF configuration for MailChimp
To read about SPF configuration for MailChimp, So download below PDF.
Setting up a custom MAIL FROM domain for Amazon SES
To read about Setting up a custom MAIL FROM domain for Amazon SES, So download below PDF.
SPF Status About Your Domain
SPF (Sender Policy Framework) is an email validation protocol that validates sending domain names associated to email messages through cryptographic authentication by means of public and private key pair.