Email Security: How can I create an SPF record on a DNS server?

Description

Email Security: How to create an SPF record on a DNS server

Resolution

To create an SPF record for a domain:

  1. Log in to the Admin Console that manages DNS for your domain.
  2. Navigate to the configuration page where you can make changes to your DNS records.
  3. Create a TXT record using some of the following mechanisms to define the trusted sources allowed to relay email for your domain.
    EXAMPLE:
    "v=spf1 ip4:192.168.6.112/16 -all"
    "v=spf1 ip6:1080::8:800:200C:417A/96 -all"
    "v=spf1 a:example.com -all"
    "v=spf1 mx mx:example.domain.com -all"
    "v=spf1 ptr -all"
    "v=spf1 exists:example.com -all"
    "v=spf1 include:example.com -all"


Mechanisms

  • all: This always goes at the end of the SPF record and specifies that the condition always matches.
  • ip4: This specifies an IPv4 network range to match against. /32 is assumed if no prefix length is given.
  • ip6: This specifies an IPv6 network range to match against. /128 is assumed if no prefix length is given.
  • a: This specifies that all A records are tested; the condition matches if the client IP is found among them.
  • mx: This specifies that all A records of all MX records are tested in order of priority. The condition matches if the client IP is found among them.
  • ptr: The hostname is validated by PTR queries, and the condition matches if at least one A record of a PTR hostname matches the original client IP.
  • include: This specifies that the defined domain is searched for a match. If the lookup does not result in a match or a permerror, the query proceeds to the next condition.

EXAMPLE: "v=spf1 mx:messages.sonicwall.com -all"

When you create an SPF record that uses ~all instead of -all, you are specifying a softfail, whereas -all results in a hard fail if the conditions of the SPF record do not match. The qualifier in front of a mechanism determines the result when that mechanism matches:

  • "+" Pass: The SPF record states that the host is permitted to send.
  • "-" Fail: The SPF record states that the host is NOT permitted to send.
  • "~" SoftFail: The SPF record states that the host is NOT permitted to send but is in transition.
  • "?" Neutral: The SPF record states explicitly that no judgement is made on the validity of the host.
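
The following Python sketch is an added example, not SonicWall code: it parses a record like the ones above, checks the placement of all, and evaluates the ip4, ip6 and all mechanisms against a client IP using the default prefix lengths and qualifier results listed above. The function names are assumptions of this example, mechanisms that need DNS lookups (a, mx, ptr, exists, include) are skipped, and the neutral result when nothing matches follows RFC 7208.

```python
import ipaddress

# Qualifier -> result, as listed above; "+" is implied when no qualifier is written.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "ptr", "exists", "include"}  # need live DNS; not evaluated here

def parse_spf(record):
    """Return [(qualifier, mechanism, argument), ...] for an SPF TXT value."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("SPF record must begin with v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def lint(record):
    """Check that 'all' is present and is the last term of the record."""
    names = [name for _, name, _ in parse_spf(record)]
    warnings = []
    if "all" not in names:
        warnings.append("no 'all' mechanism: unmatched senders get neutral")
    elif names[-1] != "all":
        warnings.append("'all' is not last: later mechanisms are never reached")
    return warnings

def evaluate(record, client_ip):
    """Evaluate ip4/ip6/all left to right; the first match decides the result."""
    client = ipaddress.ip_address(client_ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # strict=False accepts host bits (192.168.6.112/16); no prefix means /32 or /128
            if client in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name in DNS_MECHANISMS:
            continue  # skipped in this offline example
        else:
            raise ValueError(f"unknown mechanism: {name}")
    return "neutral"  # nothing matched and there is no 'all' term (RFC 7208 default)
```

Run `lint()` on a record before publishing it, then call `evaluate()` with the addresses of your known relays and with an unrelated address to confirm that -all or ~all behaves as intended.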

NOTE: Save your settings. DNS records can take up to 48 hours to propagate.

For more information, refer to: http://www.open-spf.org/SPF_Record_Syntax

