-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Email Security: How can I create SPF record on DNS server?
10/29/2024 
1,080 People found this article helpful
485,814 Views
Description
Email Security: How to create SPF record on DNS server
Resolution
To create an SPF record for a domain.
- Login into your Admin Console that manages DNS for your domain.
- Navigate to the configuration page where you can make changes to your DNS records.
- Create a TXT record using some of the following mechanisms to define the trusted sources allowed to relay email for your domain.
EXAMPLE:
"v=spf1 ip4:192.168.6.112 /16 -all".
"v=spf1 ip6:1080::8:800:200C:417A/96 -all".
"v=spf1 a:example.com -all".
"v=spf1 mx mx:example.domain.com -all".
"v=spf1 ptr -all".
"v=spf1 exists:example.com -all".
"v=spf1 include:example.com -all"
Mechanism.
- all :This always goes at the end of the SPF record and specifies that the condition always matches .
- ip4 :This specifies the condition to use IPV4 network range./32 is assumed if no prefix-length is given.
- ip6 :This specifies that IPV6 network range is used. /128 is assumed if no prefix length is defined.
- a :This specifies that all A records be tested and the condition matches if the client IP is found.
- mx :This defines all A records of all MX records be tested in the order of priority. The condition passes if the client IP is found among them.
- Ptr: Hostname is validated by PTR queries and the condition passes if at least one A record of a PTR hostname matches the original client IP.
- Include :This specifies the defined domain be searched for a match. If the lookup does not result in a match or permerror, the query proceeds to the next condition.
EXAMPLE: v=spf1 mx:messages.sonicwall.com -all.
When creating an SPF record that uses the ~all instead of all, you are specifying a softfail whereas the all would result in a hard fail if the conditions of the SPF record are not matching.
- "+" Pass The SPF record states that the host is permitted to send.
- "-" Fail The SPF record states that the host is NOT permitted to send.
- "~" SoftFail The SPF record states that the host is NOT permitted to send but is in transition.
- "?" Neutral The SPF record states explicitly that no judgement is made on the validity of the host
NOTE: Save your settings. DNS records can take up to 48 hours to propagate.
For more reference you can refer to: http://www.open-spf.org/SPF_Record_Syntax
Related Articles
- How to set up your MX record after you activated Email Security Hosted Solution
- Email Security: How to troubleshoot NDR's.
Categories
- Email Security > Email Security Appliance
- Email Security > Email Security Software
- Email Security > Hosted Email Security
YES
NO