Configuring SPF (Sender Policy Framework) records
SPF is a method for fighting spam and phishing which uses DNS SPF-records to define which hosts are permitted to send e-mail for a domain. For details on SPF, please see http://www.openspf.org/
This works by defining a DNS SPF-record for the e-mail domain name specifying which hosts (e-mail servers) are permitted to send e-mail from the domain name.
Other e-mail servers can look up this record when receiving an e-mail from this domain name to verify that the sending e-mail server is connecting from a permitted IP address.
A new SPF-record type was recently added to the DNS protocol to support this (RFC4408).
However, not all DNS and e-mail servers support this new record type yet, so SPF can also be configured in DNS using the TXT-record type.
We recommend that you only use the SPF-record type and let Simple DNS Plus synthesize matching TXT-records for backwards compatibility.
Simple DNS Plus can also automatically synthesize SPF-records (SPF and TXT) for all domain names hosted on your server which do not already have an SPF-record.
In the main window click the "Options" button:

In the Options dialog, select "Automatic SPF" in the left list.
The first option "Synthesize TXT-records from SPF-records for local domains" makes it easy to ensure that your DNS data is backwards compatible with older DNS and e-mail servers which do not yet support the new SPF record type.
The second option "Synthesize missing SPF records" allows you to specify SPF data for all local domain names which do not have SPF-records.
You can get the exact SPF-record data string to enter by using the setup wizard at http://www.openspf.org/
You can also set up SPF-records for individual domain names.
SPF-records for individual domain names will always override the Automatic SPF records options.
For example to create an SPF-record specifying that only those e-mail servers handling inbound e-mail for "example.com" (as specified in MX-records) are allowed to send e-mails from "...@example.com" (fits most setups), you would follow these steps:
First click the "Records" button in the main window:

Then in the DNS Records window, right-click on the zone in the left list, and select "Other new record" and then "SPF-record" from the pop-up menu:
Enter the SPF text string (without surrounding quotes), and click the "OK" button:

Again, you can get the exact text string to enter by using the setup wizard at http://www.OpenSPF.org
Notice the "Synchronize TXT-record" option, which allows you to automatically create/update a TXT-record with the same data. This is not needed, however, if you use the "Synthesize TXT-records from SPF-records for local domains" option in the Options dialog (see above) on all DNS servers for the domain.
NOTE: The abbreviation "SPF" used to stand for "Sender Permitted From" but was later changed to mean "Sender Policy Framework".
NOTE: Microsoft uses the name "Sender ID" for SPF - this is exactly the same thing.
The name confusion is the result of a "merge" between Microsoft's "Caller-ID" and SPF in May 2004 - where essentially only SPF survived.
Important note about SPF and the HELO/EHLO host name
In addition to checking the domain name part of the sender's e-mail address, some e-mail servers also perform SPF checks on the SMTP session HELO/EHLO greeting host name.
Therefore always make sure that your e-mail server is configured to use a correct host name (like "mail.example.com") in the HELO/EHLO greeting, and that an A- and/or AAAA-record exists for this host name in DNS.
When using "Automatic SPF", make sure that the automatic SPF-record data is also valid for the HELO/EHLO host name, or define a specific SPF-record for the HELO/EHLO name in the zone where this belongs (this will override the automatic SPF record).
Note that the default automatic SPF record data "v=spf1 mx -all" will fail such a test if no MX-record exists for your HELO/EHLO name.
For example, if your domain name is "example.com" and your mail server is named "mail.example.com" (and uses this in HELO/EHLO greetings), you would probably only have an MX-record for "example.com" - not for "mail.example.com", and therefore "v=spf1 mx -all" fails to validate "mail.example.com".
Instead you could use "v=spf1 ip4:1.2.3.4 -all" (where 1.2.3.4 is the IP address of your mail server), which would work for both types of tests.
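The following is an added example, not part of the Simple DNS Plus documentation: a small SPF evaluator over a constructed in-memory zone (the ZONE table, lookup and check_spf are all assumptions for illustration) that shows why "v=spf1 mx -all" passes for mail sent from "@example.com" but fails a HELO/EHLO check on "mail.example.com", while "v=spf1 ip4:1.2.3.4 -all" passes both.

```python
import ipaddress

# Constructed zone data for example.com; a real check queries live DNS.
# Note that only "example.com" has an MX-record, not "mail.example.com".
ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["1.2.3.4"],
    ("example.com", "SPF"): ["v=spf1 mx -all"],
    # The same automatic data applied to the HELO/EHLO name.
    ("mail.example.com", "SPF"): ["v=spf1 mx -all"],
}

def lookup(name, rtype):
    """Return the records of type rtype for name (empty list if none)."""
    return ZONE.get((name.lower(), rtype), [])

def check_spf(domain, client_ip, record=None):
    """Evaluate the SPF mechanisms used on this page (ip4, a, mx, all)
    for the given domain and connecting IP. Returns 'pass', 'fail',
    'softfail', 'neutral', 'none' or 'permerror'."""
    record = record or (lookup(domain, "SPF") or [None])[0]
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier is "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in lookup(arg or domain, "A")
        elif mech == "mx":                   # any A of any MX host of domain
            hosts = lookup(arg or domain, "MX")
            matched = any(str(ip) in lookup(h, "A") for h in hosts)
        else:
            return "permerror"               # mechanism not supported here
        if matched:
            return {"+": "pass", "-": "fail",
                    "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"                         # no mechanism matched

if __name__ == "__main__":
    print("MAIL FROM example.com:", check_spf("example.com", "1.2.3.4"))
    print("HELO mail.example.com:", check_spf("mail.example.com", "1.2.3.4"))
    print("HELO with ip4 record:", check_spf("mail.example.com", "1.2.3.4",
                                             "v=spf1 ip4:1.2.3.4 -all"))
```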