Problem
What is a "SPF" record?
Solution
A Sender Policy Framework record, or SPF record, is a DNS record used to combat forged email. It lets a receiving mail server check whether the IP address that delivered a message is one the sending domain's owner has listed as permitted to send mail for that domain.
The SPF - Night Club Analogy
It works much like a night club with strict checking of a guest list at the front door by a door supervisor (aka the bouncer or doorman). If your name wasn't on their guest list, you weren't getting into the club.
It's the same with email. When the receiving server sees the email, it asks the domain owner's name servers (the door supervisor) for the list of authorised email senders (the guest list). If the sending server is on the published SPF record, the email is allowed in for local delivery; if not, it's rejected (bounced).
Keeping your SPF record accurate is like maintaining that guest list. Only add servers you trust to send emails from your domain, like your email provider or any marketing platforms you use.
The main benefit of publishing an SPF record is that you reduce the risk of your domain name being used in spam and phishing attempts, protecting your domain name and your company's reputation.
If an email is rejected based on SPF, would you like to know about it, why it happened, and get clues on resolving it? This is where DMARC policies come in. To learn more, read the article "What is a DMARC record".
Example of how SPF works
Below is an example to give you an idea of how SPF works.
Craig owns the domain example.com. He also sometimes sends mail through his Gmail account and contacted Gmail's support to identify the correct SPF record for Gmail. He also uses outMail for sending outbound emails.
Since he often receives bounces about messages he didn't send, he decides to publish an SPF record in order to reduce the abuse of his domain.
He adds the following record to his DNS domain zone file:
example.com. TXT "v=spf1 mx a:mymailserver.example.com include:aspmx.googlemail.com include:spf.smtp-engine.com -all"
The breakdown of that record is as follows:
| Mechanism | Meaning |
| --- | --- |
| v=spf1 | SPF version 1 |
| mx | the incoming mail servers (MXes) of the domain are authorised to also send mail for example.com |
| a:mymailserver.example.com | the machine mymailserver.example.com is authorised |
| include:aspmx.googlemail.com | everything considered legitimate by googlemail.com is legitimate for example.com |
| include:spf.smtp-engine.com | SPF record for outMail to include all the outMail outbound SMTP clusters |
| -all | all other machines are not authorised |
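To show how a receiving server actually evaluates the record above (the "door supervisor" check described earlier, and the mechanism breakdown in the table), here is an added, simplified SPF evaluator written for this article; it is not code from the original page or from any mail provider. Real lookups are replaced by a constructed in-memory DNS table, and every IP address in it is invented for illustration. The evaluator handles the mechanisms the record uses (mx, a, include, all) plus ip4, and the four qualifiers (+, -, ~, ?); it does not implement the full RFC 7208 lookup-limit or macro rules.

```python
import ipaddress

# Constructed DNS data standing in for real lookups. All addresses are
# invented documentation-range values (assumption: none belong to real hosts).
DNS = {
    "TXT": {
        "example.com": (
            "v=spf1 mx a:mymailserver.example.com "
            "include:aspmx.googlemail.com include:spf.smtp-engine.com -all"
        ),
        "aspmx.googlemail.com": "v=spf1 ip4:203.0.113.0/24 -all",
        "spf.smtp-engine.com": "v=spf1 ip4:198.51.100.10 ip4:198.51.100.11 -all",
    },
    "A": {
        "mymailserver.example.com": ["192.0.2.10"],
        "mx1.example.com": ["192.0.2.20"],
    },
    "MX": {
        "example.com": ["mx1.example.com"],
    },
}

# Qualifier prefix -> SPF result when the mechanism matches ("+" is the default).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def ip_matches(client_ip, network):
    """True if client_ip falls inside network (a bare IP means a /32)."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(network, strict=False)


def check_spf(domain, client_ip, dns=DNS, depth=0):
    """Return the SPF result for client_ip claiming to send as domain.

    Possible results: pass, fail, softfail, neutral, none (no record) or
    permerror (unknown mechanism or runaway include nesting).
    """
    if depth > 10:
        # Simplified guard against include loops (the RFC limit counts DNS lookups).
        return "permerror"
    record = dns["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    # Mechanisms are evaluated left to right; the first match decides.
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip_matches(client_ip, arg)
        elif name == "a":
            host = arg or domain
            matched = client_ip in dns["A"].get(host, [])
        elif name == "mx":
            host = arg or domain
            matched = any(
                client_ip in dns["A"].get(mx, []) for mx in dns["MX"].get(host, [])
            )
        elif name == "include":
            # include: matches only if the referenced domain's policy yields "pass".
            matched = check_spf(arg, client_ip, dns, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    # No mechanism matched and there was no trailing "all".
    return "neutral"


if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.20", "203.0.113.5", "198.51.100.11", "198.51.100.99"]:
        print(ip, "->", check_spf("example.com", ip))
```

Run as a script, it prints pass for the mail server, the MX host, a Gmail-range address and an outMail address, and fail for the unknown sender, which is the bounce described in the article. Note the include semantics: a "-all" inside an included record does not reject the mail by itself; it only makes that include not match, and evaluation continues with the next mechanism of the top-level record.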