SPF - Sender Policy Framework aims to prevent the falsification of the sender's address in emails.
Note: Specifically, you should define records to block the sending of emails through unauthorized servers.
For this purpose, store an SPF record in DNS (Domain Name System) in the form of a TXT entry in the additional information section. This TXT-based SPF entry contains specific information about authorized mail servers. The recipient mail server queries the domain's SPF record to check whether it came from an authorized mail server or an unauthorized one. Based on this information, it either accepts or rejects the email.
Q-Syntax | Result Code | Description |
---|---|---|
+ | Pass | Authorizes the definition of sending servers; This is a standard, so if no qualifier is specified, it is assumed as +. |
- | Fail | Relevant error is returned if mail is sent from unauthorized IP or sources. |
~ | SoftFail | Unauthorized sending servers may be defined. However, the recipient should consciously address this error. |
? | Neutral | The sending server ensures that no comments regarding legitimacy are made in channels where it defines the mail to be accepted. |
Mechanism | Valid Conditions for Given Instruction |
---|---|
All | Always |
A | The queried (or explicitly stated) domain has an MX record or MX IP address. |
mx | The queried (or explicitly stated) domain has an MX record or MX IP address. |
ip4 | The specified IPv4 address is the sender's IP address, or the specified IPv4 subnet includes it. |
ip6 | The specified IPv6 address is the sender's IP address, or the specified IPv6 subnet includes it. |
redirect | Another domain's SPF record legitimizes the sender's IP address. |
include | An additional SPF request for the domain specified in the "include" statement includes the sender's IP address. |
exists | The sender's IP address is authorized based on the client's connection or other criteria as per RFC7208. |