SPF record explained.
An SPF (Sender Policy Framework) record is a DNS (Domain Name System) record that specifies essential information for a domain name. It points to the outgoing mail server that is responsible for the particular domain. The MX (Mail eXchanger) record shows which email servers are responsible for the incoming emails for the domain. SPF records, on the other hand, indicate which email servers are qualified to send emails on behalf of the domain name.
Let’s say you want to send an email to James@example.com. First, the incoming mail servers of example.com are going to check your domain name. Then, they are going to look for the SPF record and follow the rules it sets. Your email is going to be successfully received only if the SPF record is present. Otherwise, your email could end up in your recipient’s spam box.
How does it work?
With SPF records, domain owners are able to publish a list containing all of their authorized senders, which are the outgoing mail servers and their IP addresses. Thanks to that list, servers that receive emails are able to verify whether an email was delivered from a server authorized to communicate on your company’s behalf. If the message was not received from one of the servers included in the list, the server receiving the email will consider it fake.
Establishing rules with SPF record
The rules are based on two main groups. The first one is the qualifiers, and the second one is the mechanisms of the SPF record.
The SPF qualifiers are:
- “-” The minus symbol indicates FAIL. It signals that messages coming from the domain must be rejected.
- “~” The tilde symbol indicates SOFT FAIL. It signals that a message coming from the domain should get a failed tag, although it can still be allowed.
- “?” The question mark symbol indicates NEUTRAL. It signals that there are no policies involved (none).
- “+” The plus symbol indicates PASS. It signals that messages coming from the domain should be accepted.
The SPF mechanisms are:
- “all” – All mechanisms after it will be ignored.
- “include” – It gives you the opportunity to include other domains that are able to send emails from the mail servers of the domain. You can unite example.it, example.co.uk, and example.de to send from example.com.
- “a” – When you pick it, the A or AAAA records must match the return path for emails to be allowed.
- “mx” – When you select it, an MX query must be completed and must match the return path. If there is a match, the email is going to be allowed.
- “ptr” – When you select it, a PTR query must be completed and must match the return path. The email is allowed only if they match.
- “ip4” – This is going to review only A records (IPv4 addresses) to examine if they correspond to the domain.
- “ip6” – This is going to review only AAAA records (IPv6 addresses) to examine if the IP addresses match the domain.
- “exists” – This is for more complex queries.
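An added example, not part of the original article: a small Python parser that splits a record into qualifier and mechanism terms and evaluates the ones that need no DNS lookup (ip4, ip6, all) against a connecting IP, using the first-match order of RFC 7208. The sample record, the addresses and the `unresolved:` return value are constructed for illustration.

```python
import ipaddress
import re

# Qualifier symbol -> result; "+" (pass) is assumed when a term has no qualifier.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
TERM = re.compile(r"([+\-~?]?)([A-Za-z0-9]+)([:/].*)?")

# Constructed sample record (documentation address ranges, hypothetical names).
SAMPLE = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.example.net ~all"


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    terms = []
    for token in tokens[1:]:
        if "=" in token:  # modifiers such as redirect= are not mechanisms; skipped
            continue
        match = TERM.fullmatch(token)
        if not match or match.group(2).lower() not in MECHANISMS:
            raise ValueError(f"unknown SPF term: {token!r}")
        rest = match.group(3) or ""
        arg = rest[1:] if rest.startswith(":") else rest
        terms.append((match.group(1) or "+", match.group(2).lower(), arg))
    return terms


def check_ip(record, sender_ip):
    """Evaluate terms left to right; the first matching mechanism decides."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, arg in parse_spf(record):
        if mechanism == "all":  # always matches, so later terms never run
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(arg, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        else:  # include, a, mx, ptr, exists need DNS lookups
            return f"unresolved:{mechanism}"
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for addr in ("192.0.2.55", "2001:db8::1", "203.0.113.9"):
        print(addr, "->", check_ip(SAMPLE, addr))
```

A record ending in `~all` or `-all` only produces that result for senders that no earlier term matched, which is why the order of terms in a published record matters.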