Email spammers commonly forge the sender address in an email. They send
email from their own mail servers, but with your domain as the
sending email. The Sender Policy Framework (SPF)
attempts to control forged email by giving domain owners a way to specify
which email sources are legitimate for their domains and which ones aren't.
For detailed information about SPF, see the
Sender Policy Framework Project Overview.
You can add an SPF record to your Domain Name System (DNS) zone as a text
(TXT) record. The SPF record is associated with your domain and specifies
which mail server or servers the domain uses to send email.
To correctly set the SPF for your domain, answer the following
From what server or servers will email from the domain originate?
If you're sending email from your workstation by using your internet service
provider's (ISP) mail servers, you might want to consider their servers. You
must take all possible (legitimate) sending servers into account.
How do you want illegitimate email to be handled?
Do you want it to be rejected outright, or do you want the message to be
classified as a soft fail, meaning that the email will be subjected to
The example in this section assumes that you have the following considerations
for your email on a specific domain:
- The authorized servers are your cloud server (that is, the incoming mail
exchange (MX) details also send mail).
- No other servers are authorized.
In this situation, you would create the following rule and add it to a TXT
v=spf1 mx include:\_spf.example.com -all
The following list shows how each part of the record is defined:
v=spf1: Sets the SPF version that is used.
mx: Allows the domain's MX details to send email.
include:_spf.example.com: Includes example mail servers as
-all: Indicates that servers that are not listed previously are
not authorized to send email. If an unauthorized server does send
email, action is taken according to the receiving mail server's own
policy. For example, the email is deleted or marked as spam.
all setting is an important aspect of the record and has the
following basic markers:
-all: Any server that is not previously listed is not authorized to
~all: If mail is received from a server that is not previously
listed, it is marked as a soft fail, which allows the email to be
+all: Allows any server to send email from your domain.
Note: This last option should never be used.
To add an SPF TXT record by using the Cloud Control Panel, use the following
Log in to the Cloud Control Panel.
In the top navigation bar, click Select a Product > Rackspace Cloud.
Select Networking > Cloud DNS.
Click the action gear next to the name of the domain that you want
to modify, and select Add DNS Record.
Select TXT Record for the record type.
Enter the rule in the Text area. For example, enter
v=spf1 mx -allto indicate that all email is sent from this server
and no other mail servers are authorized.
Specify the Time to Live (TTL).
Click Add Record.
For more information, see the following resources:
Updated 3 months ago