Customer Support
What are SPF records and how to we use them?
The SPF record (Sender Policy Framework) - Sender Policy Framework, are records through the DNS zone of the domain, through which you declare from which SMTP servers your emails leave. Many times you may have noticed that you are receiving spam emails from yourself to you. This is because spammers define your email as the sender, so that it becomes difficult to manage the spam mails you receive. Imagine how difficult it is to define e.g. your e-mail to a blacklist so that e-mails from you automatically go to the Junk Folder.
Operation of SPF
When a user sends an e-mail to a recipient, the following check is made: The recipient's incoming mail server, during the process of receiving the e-mail, asks its DNS if the ip from which the e-mail was sent coincides with one of the ips analyzed by the SPF records of the sender's domain.
A check is made which gives four possible results in the "Received-SPF" variable in the e-mail header:
Possible values are:
a) pass
b) neutral
c) softfail
d) fail.
Depending on the settings of the Inbound Server, the e-mail is either rejected, or goes through further control by other software that may be running on the same server, e.g. SpamExperts since it has now been properly flagged, or is delivered to the sender to be filtered by applications on the pc of the user eg AntiSpam applications.
What are SPF records and examples of them.
A completed SPF record in the dns zone is a TXT record, with text of the form v=spf1 [[pre] type ] … [mod] and finally looks something like this:
domain.gr 3600 IN TXT "v=spf1 ip4:123.456.78.90-all"
Practically, in the example of SPF registration above, we declare from which mail server the e-mails of all the accounts belonging to our domain are sent.
Examples:
If we want to declare that our e-mails leave only from a mail server (smtp) that "listens" to our server address, e.g. from 123.456.78.90 then our registration should be:
v=spf1 ip4:123.456.78.90 -all  (-all means that our emails only go from this ip)
If we want to declare that our e-mails only go from the mail servers for which we have made an MX registration in our domain, then our registration will be:
v=spf1 mx -all
We can make combinations of the above, that is to say that our emails are sent from:
all the servers we have declared with MX server and (putting "+", which is default) from another specific ip, 123.456.78.90 and only from them. Then we would have
v=spf1 +mx +ip4:123.456.78.90 -all
There are also other options like setting ipv6 and also setting ptr. With a ptr addition we can declare that our mails can leave the server for which there is a specific reverse dns record. E.g:
v=spf1 mx ptr ip4:123.456.78.90ptr:domain.gr -all
the above indicates that the emails will leave either from one of all the mail servers for which there are mx records, or from the ip 123.456.78.90 but also from the ip resolved by the ptr record of domain.gr
In addition, we can also use the "a" option, where together with "mx" it is a safer setting, e.g.
v=spf1 a mx -all
the above states that our mails only leave from servers with ips that exist in the "A" and "MX" type zone records of our domain.
All of the above work perfectly when you use your domain's SMTP. But many times we send our mails from your ISP's smtp, so in this case you can add your server's ip but that way you don't block spammers who send spam using the same ISP you use. Of course, Greek ISPs have security measures and various limits that prevent spamming by their subscribers.
in the event that an e-mail is also sent from the provider you connect to, the registration would have the following format:
v=spf1 a mx a:smtp.yourisp.com -all
At Top.Host and specifically on all our Linux servers, we already have the SPF record installed.
v=spf1 ip4:123.456.78.90 -all  (-all means that our emails only go from this ip)
If we want to declare that our e-mails only go from the mail servers for which we have made an MX registration in our domain, then our registration will be:
v=spf1 mx -all
We can make combinations of the above, that is to say that our emails are sent from:
all the servers we have declared with MX server and (putting "+", which is default) from another specific ip, 123.456.78.90 and only from them. Then we would have
v=spf1 +mx +ip4:123.456.78.90 -all
There are also other options like setting ipv6 and also setting ptr. With a ptr addition we can declare that our mails can leave the server for which there is a specific reverse dns record. E.g:
v=spf1 mx ptr ip4:123.456.78.90ptr:domain.gr -all
the above indicates that the emails will leave either from one of all the mail servers for which there are mx records, or from the ip 123.456.78.90 but also from the ip resolved by the ptr record of domain.gr
In addition, we can also use the "a" option, where together with "mx" it is a safer setting, e.g.
v=spf1 a mx -all
the above states that our mails only leave from servers with ips that exist in the "A" and "MX" type zone records of our domain.
All of the above work perfectly when you use your domain's SMTP. But many times we send our mails from your ISP's smtp, so in this case you can add your server's ip but that way you don't block spammers who send spam using the same ISP you use. Of course, Greek ISPs have security measures and various limits that prevent spamming by their subscribers.
in the event that an e-mail is also sent from the provider you connect to, the registration would have the following format:
v=spf1 a mx a:smtp.yourisp.com -all
At Top.Host and specifically on all our Linux servers, we already have the SPF record installed.
You haven't found what you are looking for?
Contact our experts, they will be happy to help!
Contact us