{"id":19028,"date":"2020-11-20T10:34:38","date_gmt":"2020-11-20T02:34:38","guid":{"rendered":"https:\/\/web.mwwsb.com.my\/pjci\/?post_type=kb&p=19028"},"modified":"2022-09-07T21:40:15","modified_gmt":"2022-09-07T13:40:15","slug":"spf-record","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/spf-record","title":{"rendered":"SPF Record"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

What is an SPF Record?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

The SPF (Sender Policy Framework<\/strong>) is an email authentication technique that is used to prevent spammers from sending messages on behalf of your domain. An organization can publish authorized mail servers with the aids of SPF. Together with the information relating to\u00a0DMARC<\/a>, it gives the receiver\/ receiving systems information on the originality of an email. Just like DMARC, SPF is an email authentication technique that uses DNS (Domain Name Service). This enables you to specify which email servers are permitted to send emails on behalf of your domain.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

History of SPF (Sender Policy Framework )<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Initially, SPF was mentioned in 2000. In the following years, the SPF specification slowly developed in multiple drafts. Meanwhile, the original name “Sender Permitted From” has been changed to “Sender Policy Framework”.<\/p>

An SPF working group of IETF once tried to combine SPF and Microsoft\u2019s CallerID proposal. They made their next attempt with the \u201cclassic\u201d version of SPF. This lead to the first experimental RFC in 2006 and, in 2014 the proposed standard SPF, familiar under RFC 7208 in 2014.<\/p>

Nowadays, email authentication techniques have evolved and lead to techniques such as DKIM and DMARC. However, SPF still fulfills an important role to determine whether an email is DMARC Compliant\u00a0<\/p>

DMARC Analyzer uses SPF, DMARC<\/a>, and DKIM<\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Examples of Standard SPF records:\u00a0<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

\u201cabc.com\u201d IN TXT \u201cv=spf1 mx a:abc.com ~all\u201d<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

OR<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t

\u201cabc.com\u201d IN TXT \u201cv=spf1 ip4: mx mx:abc.com a: -all\u201d<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

SPF in practice<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
An SPF record<\/a> is a DNS record that you have to add to the DNS zone of your domain. In this SPF record, you can specify which IP addresses and\/or hostnames are authorized to send email from the specific domain.<\/div>

The mail receiver will use the \u201cenvelope from\u201d address of the mail (mostly the Return-Path header) to confirm that the sending IP address was allowed to do so. This will happen before receiving the body of the message. When a specific domain does not include the sending email server the email from this server will be marked as suspicious. Eventually, the email server will reject it.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

What SPF doesn\u2019t do<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
SPF is a great technique to add authentication to your emails. However, it has some limitations which you need to be aware of.<\/div>
  • it does not validate the \u201cFrom\u201d header. Most clients include the header as the actual sender of the message. SPF does not validate the \u201cheader from\u201d, but uses the \u201cenvelope from\u201d to determine the sending domain<\/li>
  • SPF will break when you forward an email. At this point, the \u2018forwarder\u2019 becomes the new \u2018sender\u2019 of the message and will fail the SPF checks performed by the new destination.<\/li>
  • lacks reporting which makes it harder to maintain<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t

    SPF and DMARC<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t
    SPF is one of the authentication techniques on which DMARC is based. DMARC uses the result of the SPF checks and adds a check on the alignment of the domains to determine its results.<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t

    This is what it looks like (in CloudFlare ) when you add an SPF Record to the DNS.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    What is an SPF Record? The SPF (Sender Policy Framework) is an email authentication technique that is used to prevent spammers from sending messages on behalf of your domain. An organization can publish authorized mail servers with the aids of SPF. Together with the information relating to\u00a0DMARC, it gives the receiver\/ receiving systems information on […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[118],"kbtag":[106],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/19028"}],"collection":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/comments?post=19028"}],"version-history":[{"count":7,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/19028\/revisions"}],"predecessor-version":[{"id":36372,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/19028\/revisions\/36372"}],"wp:attachment":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/media?parent=19028"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=19028"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtag?post=19028"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=19028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}