Monthly Archives: September 2021

SPF record – What is it?

SPF record explained.

An SPF (Sender Policy Framework) record is a DNS (Domain Name System) record that holds essential information about a domain name: it points to the outgoing mail servers that are responsible for that domain. The MX (Mail eXchanger) record shows which email servers are responsible for the incoming email of the domain; SPF records, on the other hand, indicate which email servers are authorized to send emails on behalf of the domain name.

Let’s say you want to send an email to James@example.com. First, the incoming mail servers of example.com are going to check your domain name. Then they look up its SPF record and follow the rules set by it. Your email will be received successfully only if the SPF record is present; otherwise, it could end up in your recipient’s spam folder.

How does it work?

With SPF records, domain owners can publish a public list of all their authorized senders: the outgoing mail servers and their IP addresses. Thanks to that list, receiving servers can verify whether an email was delivered from a server that is authorized to communicate on your company’s behalf. If the message does not come from one of the servers on the list, the receiving server will consider it fake.

Establishing rules with SPF record

The rules are built from two main groups of elements: the first one is the qualifiers, and the second one is the mechanisms of the SPF record.

The SPF qualifiers are:

  • “-” The minus symbol indicates FAIL: it is a warning that messages coming from the domain must be rejected.
  • “~” The tilde symbol indicates SOFT FAIL: a message coming from the domain should be tagged as failed, although it can still be accepted.
  • “?” The question mark symbol indicates NEUTRAL: no policy is stated for this case (none).
  • “+” The plus symbol indicates PASS: messages coming from the domain should be accepted.

The SPF mechanisms are: 

  • “all” – Any mechanism listed after it is ignored.
  • “include” – It gives you the opportunity to include other domains whose mail servers are allowed to send email for the domain. For example, you can unite example.it, example.co.uk, and example.de to send from example.com.
  • “a” – When you pick it, the A or AAAA records must match the return path for the email to be allowed.
  • “mx” – When you select it, an MX query is performed and its result must match the return path. If there is a match, the email is allowed.
  • “ptr” – When you select it, a PTR query is performed and its result must match the return path. The email is allowed only if they match.
  • “ip4” – This reviews only A records (IPv4 addresses) to check whether they correspond to the domain.
  • “ip6” – This reviews only AAAA records (IPv6 addresses) to check whether the IP addresses match the domain.
  • “exists” – This is for more complex queries.
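To make the qualifiers and mechanisms concrete, here is an added Python example (not code from the original post) of a small SPF evaluator that walks a record term by term and returns the result of the first matching mechanism. It runs offline against a constructed set of DNS records, so every domain, IP address and record in FAKE_DNS is an assumption; ptr and exists are not modelled because they need live DNS lookups.

```python
import ipaddress

# Constructed stand-in for real DNS lookups (assumption: these zones, names
# and addresses are made up for the example and do not exist).
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 a mx include:example.net ~all"],
    ("example.com", "A"): ["198.51.100.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("example.net", "TXT"): ["v=spf1 ip6:2001:db8::/32 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return FAKE_DNS.get((name, rtype), [])

def host_matches(name, ip):
    """'a' and 'mx' mechanisms: does any A/AAAA address of name equal ip?"""
    addrs = lookup(name, "A") + lookup(name, "AAAA")
    return any(ipaddress.ip_address(a) == ip for a in addrs)

def check_spf(domain, sender_ip, depth=0):
    """Evaluate domain's SPF record for sender_ip: pass/fail/softfail/neutral/none."""
    ip = ipaddress.ip_address(sender_ip)
    records = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
    if not records or depth > 10:          # no record, or runaway include chain
        return "none"
    for term in records[0].split()[1:]:    # skip the "v=spf1" version tag
        qualifier = "+"                    # a mechanism without a qualifier means PASS
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            matched = True                 # always matches, so later terms are ignored
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = host_matches(arg or domain, ip)
        elif mech == "mx":
            matched = any(host_matches(mx, ip) for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            matched = False                # ptr / exists need live DNS; not modelled
        if matched:
            return QUALIFIERS[qualifier]   # first match decides the result
    return "neutral"                       # nothing matched and no "all" term
```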

DNS resolution – overview

Have you ever wondered how you can access a website on the Internet so easily and so fast?

If you get curious about how this magic happens, DNS resolution is the clue you need to follow.

What is DNS resolution?

Domain name system (DNS) resolution is the process of translating the domain name you type into your browser into the corresponding IP address of that domain. Without the IP address, the domain you search for can’t be located and loaded.

A domain name can have more than one IP address. For instance, it can have one IPv4 and one IPv6 address; during DNS resolution, both will be requested. Or it can have multiple IPv4 (or IPv6) addresses, and when DNS resolution is triggered, getting one of those addresses will be enough to serve the domain.

The need for this translation emerged decades ago. When the Internet was young, hosts were looked up by their IP addresses, which were stored in a manually updated hosts file. Humans could still memorize those numbers (example: 230.115.1.16), but it was not simple. Searching this way was still possible because there were far fewer devices than today.

The Internet succeeded, domains multiplied, and using IP addresses became really hard for humans. Therefore, the domain name system (DNS) was created (1983). Instead of using a manually updated hosts file with IP addresses, humans could type a name like todaynews.com.

Since then, IP addresses are used by machines, and domain names by humans.

How does DNS resolution work?

Fasten your seat belt, because we are about to get inside the big DNS machinery, and the trip will take only milliseconds!

Everything starts when a user types a domain name (todaynews.com) into the browser. DNS resolution is triggered! The domain name has to be translated into its associated IP address before the site can be loaded. The request is taken by the expert searcher of IP addresses: a DNS recursive server.

If it’s not the first time the user visits this domain, there’s a chance that the DNS recursive server still has it in its cache. These servers’ caches are configured with a specific TTL (time-to-live) value that sets how long data is stored. Once the TTL expires, an update replaces the previously stored data. So, if the DNS recursive server has the IP address, the process lasts the blink of an eye: the translation happens immediately, and the requested domain (todaynews.com) is loaded.

But if it’s the first time this domain is requested, or if its IP address is not available in the recursive server’s cache, it will have to ask other servers for it.

First, the DNS recursive server asks a root server. The root server checks the TLD (top-level domain) of the requested domain (.com in our example) and points the DNS recursive server to the corresponding TLD server for the domain. Both servers communicate, and the TLD server points to the right authoritative nameserver, so the recursive server can request the IP address.

The recursive server reaches the authoritative one, which provides the IP address. The user’s request is finally answered by loading todaynews.com, and the DNS recursive server stores the IP address in its cache.
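The steps above, turned into an added Python example that is not from the original post: a toy recursive resolver with a TTL cache that walks the root, TLD and authoritative data in order. The server names and zone contents are constructed for the example (todaynews.com and its addresses are assumptions), and the trace list records which servers were contacted by the last resolve() call.

```python
import time

# Constructed zone data standing in for the real root, TLD and authoritative
# servers (assumption: all names and addresses here are made up for the example).
ROOT = {"com": "a.gtld-servers.example"}          # the root knows the TLD servers
TLD = {"todaynews.com": "ns1.todaynews.example"}  # the TLD server knows the authoritative NS
AUTHORITATIVE = {                                 # (name, type) -> (records, TTL in seconds)
    ("todaynews.com", "A"): (["192.0.2.10"], 300),
    ("todaynews.com", "AAAA"): (["2001:db8::10"], 300),
}

class RecursiveResolver:
    def __init__(self, clock=time.time):
        self.cache = {}      # (name, type) -> (records, expiry timestamp)
        self.clock = clock   # injectable clock so TTL expiry can be simulated
        self.trace = []      # servers contacted during the last resolve()

    def resolve(self, name, rtype="A"):
        self.trace = []
        key = (name, rtype)
        cached = self.cache.get(key)
        if cached and cached[1] > self.clock():   # cache hit, TTL not yet expired
            self.trace.append("cache")
            return cached[0]
        # 1. Ask the root server: which server is responsible for the TLD?
        self.trace.append("root")
        tld_server = ROOT.get(name.rsplit(".", 1)[-1])
        if tld_server is None:
            return []
        # 2. Ask the TLD server: which nameserver is authoritative for the domain?
        self.trace.append(tld_server)
        auth_server = TLD.get(name)
        if auth_server is None:
            return []
        # 3. Ask the authoritative server for the record itself, then cache it.
        self.trace.append(auth_server)
        records, ttl = AUTHORITATIVE.get(key, ([], 0))
        if records:
            self.cache[key] = (records, self.clock() + ttl)
        return records
```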

Conclusion.

We are very used to the web, and sometimes we take it for granted. But behind every search, there’s a massive process taking place to load your domain, or for you to access that e-shop, news site, social network, etc. And the complete DNS resolution process happens in milliseconds! Amazing, isn’t it?