What is SPF and How to configure it?

Created by Abderrahim Ibnou el kadi, Modified on Tue, 10 Mar 2020 at 11:11 AM by Abderrahim Ibnou el kadi

Sender Policy Framework (SPF) was first mentioned in 2000 but did not attract much attention, and it has gone through several changes since then. In 2006 these led to the first experimental RFC, followed by further changes and finally, in 2014, the proposed standard for SPF, known as RFC 7208. To get all the details about SPF, go here.

SPF is an email validation system meant to prevent spammers from sending messages on behalf of your domain. SPF has proved its importance in the email market, but it was not popular there and almost became obsolete. Fortunately, DMARC revived SPF along with DKIM, and the three now form an important trio that is becoming a trend in the market because they are effective in blocking spoofed email.

SPF, like DMARC, is an email authentication technique that uses DNS to specify which email servers are allowed to send email on behalf of your domain.


How to create an SPF:

Creating an SPF record is pretty easy: all you have to do is create a TXT DNS record and enter the value with the mechanism you chose, and you are all set.

Among the well-known mechanisms are HARD FAIL and SOFTFAIL (-all and ~all respectively). If your intention in implementing SPF is protection, then it is imperative to set your SPF with a HARD FAIL (-all). This means all incoming email from IP addresses different from the one(s) set in the SPF record will be rejected; anything other than that defeats the purpose.


Example for domain xyz.com: "v=spf1 +a +mx -all"

This means that incoming mail from xyz.com that is not sent from xyz.com's A or MX records is meant to be rejected because of the mechanism (-all).
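
As an added example (not part of the original article), the following Python function checks an SPF TXT value before it is published: it confirms the `v=spf1` prefix, flags non-ASCII characters such as a typographic dash pasted from a word processor, and reports whether the record ends in a hard fail or a soft fail. The function name `audit_spf` and the sample records are assumptions constructed for illustration.

```python
# Added example: lint an SPF TXT value and report what its "all" term does.
# Qualifier characters from RFC 7208 and the result each gives on a match.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def audit_spf(record):
    """Return (policy, warnings) for one SPF TXT value.

    policy is the result of the "all" mechanism ("fail" for -all,
    "softfail" for ~all, ...) or None when no usable "all" is found.
    """
    warnings = []
    text = record.strip().strip('"')
    if not text.isascii():
        warnings.append("non-ASCII character (typographic dash or quote?)")
    terms = text.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None, warnings + ["record does not start with v=spf1"]

    policy = None
    for term in terms[1:]:
        # A term without a leading qualifier defaults to "+" (pass).
        qualifier, name = ("+", term)
        if term[0] in QUALIFIERS:
            qualifier, name = term[0], term[1:]
        if name.lower() == "all":
            policy = QUALIFIERS[qualifier]
            break  # mechanisms listed after "all" are never tested

    if policy is None:
        warnings.append('no "all" mechanism found, so there is no hard fail')
    elif policy != "fail":
        warnings.append(f'"all" gives {policy}, not the hard fail of -all')
    return policy, warnings


if __name__ == "__main__":
    # Constructed sample records for the placeholder domain xyz.com.
    samples = [
        '"v=spf1 +a +mx -all"',        # hard fail
        '"v=spf1 +a +mx ~all"',        # soft fail
        '"v=spf1 +a +mx \u2013all"',   # en dash pasted instead of "-"
    ]
    for value in samples:
        print(value, "->", audit_spf(value))
```

The third sample shows why the dash matters: with an en dash the term is no longer recognised as `-all`, so the record carries no hard fail at all.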

For more details about other mechanisms you can always check their website.