What is Sender Policy Framework(SPF) Record?

Sender Policy Framework simply called as SPF is defining a policy who, which are servers can send mails from the domain. It will be very useful to the large and Medium Scale companies to avoid Spoofing attacks from the spammers but now a days small scale companies also started to use the SPF Records.

How Does it Works?

An Example, XYZ.COM the valid company  and has the good market value. bank.com is another financial company  which provides loans to the companies based on their companies Manager Mail Approval.Here Spammers knows this and spoofs send spam mail to the bank.com as Valid XYZ.COM Sender. So what will happen Bank.com trusts the mail and approves.

To Avoid this, XYZ.COM  designating or authorizing it’s sending IP Addresses which BANK.COM can check the SPF record of XYZ.COM and allow if it came from the proper addresses and reset of the Spam mails can be avoided.

 

How to create SPF Record?

SPF is simple TXT Record which will be created in ISP level. Normally SPF  record will look like the below one

windowstechpro.com.  IN TXT “v=spf1 mx a ip4:192.168.2.1/24 ip4:192.168.50.50 a:Edge01.wipro.com include:windeliver.com ~all”

let me break the above one,

v=spf1                 Header which tells that this is SPF Record

MX                        MX Records whatever available for this domain

a                            A Records which are available for the domain

ip4                        IPv4 Addresses. here you can IP Range or single Ip Address.

a:Edgeo1             Name Spaces which can send mails normally it will be FQDNs

Include                It will be other domains which are also can send emails.

~                           which will guides receipent apart from desingnated Addresses whatever fails are coming that can be        soft fail to quarantine.

For the detailed Syntax of SPF is well explained Here.

I know that it will look for some simple tool which can use the SPF Syntax and create SPF Record. You can use the Online tool wizard, it is very simple and gives you the TXT Record that you can update in your DNS of ISP.

How to Check SPF Record?

To check whether SPF record available of your domain or other domains, You can use simple Command to locate the SPF record.

           nslookup -type=txt “domainname.com”

Execute the above command by replacing the domain name with your domain without double quotes. You will get the SPF Records like this,

1

2

 

If you see the above images, google uses ~(Tild)  which means apart from designated servers, all other mails will get soft fail. wherein other domain tcs.com uses – (Minus) which hard fails the all other senders mails.

One thought on “What is Sender Policy Framework(SPF) Record?”

  1. Hi RK,

    The article really makes understanding easily about the concept.Thankyou:)

    Can you please share the concept of exchange 2013 and mail flow in exchange 2013 and how it differs from old versions.

Leave a Reply

Your email address will not be published. Required fields are marked *