Configuring SPF (Sender Policy Framework) records
SPF is a spam and phishing scam fighting method which uses DNS SPF-records to define which hosts are permitted to send e-mails for a domain. For details on SPF, please see http://www.OpenSPF.org
This works by defining a DNS SPF-record for the e-mail domain name containing codes specifying which hosts (e-mail servers) are permitted to send e-mail for the domain name.
Other e-mail servers can lookup this record when receiving an e-mail from an e-mail address with this domain name to verify that sending e-mail server is connecting from a permitted IP address.
A new SPF-record type was recently added to the DNS protocol to support this (RFC4408).
However not all DNS and e-mail servers support this new record type yet, so SPF can also be configured in DNS using the TXT-record type.
We recommend that you only use the SPF-record type and let Simple DNS Plus synthesize matching TXT-records for backwards compatibility.
Simple DNS Plus can also automatically synthesize SPF-records (SPF and TXT) for all domain names hosted on your server which do not already have SPF-record.
In the main window click the "Options" button:
In the Options dialog, select "Automatic SPF" in the left list.
The first option "Synthesize TXT-records from SPF-records for local domains" makes it easy to ensure that your DNS data is backwards compatible with older DNS and e-mail servers which do not yet support the new SPF record type.
The second option "Synthesize missing SPF records" allows you to specify SPF data for all local domain names which do not have SPF-records.
You can get the exact SPF-record data string to enter by using the setup wizard at http://www.OpenSPF.org
You can also setup SPF-records for individual domain names.
SPF-records for individual domain names will always override the Automatic SPF records options.
For example to create an SPF-record specifying that only those e-mail servers handling inbound e-mail for "example.com" (as specified in MX-records) are allowed to send e-mails from "...@example.com" (fits most setups), you would follow these steps:
First click the "Records" button in the main window:
Then in the DNS Records window, right-click on the zone in the left list, and select "Other new record" and then "SPF-record" from the pop-up menu:
Enter the SPF text string (without surrounding quotes), and click the "OK" button:
Again, you can get the exact text string to enter by using the setup wizard at http://www.OpenSPF.org
Notice the "Synchronize TXT-record" option which allow you to automatically create/update a TXT-record with the same data. This is however not needed if you use the "Synthesize TXT-records from SPF-records for local domains" in the Options dialog (see above) on all DNS servers for the domain.
NOTE: The abbreviation "SPF" used to stand for "Sender Permitted From" but was later changed to mean "Sender Policy Framework".
NOTE: Microsoft uses the name "Sender ID" about SPF - this is exactly the same thing.
The name confusion is the result of a "merge" between Microsoft's "Caller-ID" and SPF in May 2004 - where essentially only SPF survived.
|