Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [spf]

Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.

Sender Policy Framework (SPF) is a technique to prevent e-mail sender address forgery. With SPF system administrators add information about allowed senders for particular domain in a DNS server's TXT and/or SPF record.

Please have a look at the canonical question What are SPF records and how do I configure them.

892 questions
19
votes
2 answers

SPF Record with or without plus

Is there any difference between v=spf1 +a +mx -all and v=spf1 a mx -all I am unsure if they do the same thing or somthing different. Clarification would be great. Thank you
dgibbs
  • 661
19
votes
3 answers

SPF include vs redirect

What is the difference?
700 Software
  • 2,273
18
votes
1 answer

Can SPF records contain domain name wildcards?

Part of my SPF record contains: include:google.com I'm still getting soft fail because the actual e-mail is delivered by the following Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172] Which has a completely…
deltanovember
  • 541
11
votes
4 answers

SPF record -- why do we use `+a` alongside `+mx`?

Why do administrators mostly use +a alongside +mx in SPF records? This is the example: @ 10800 IN TXT "v=spf1 +a +mx -all" Isn't it enough to only use +mx parameter e.g.: @ 10800 IN TXT "v=spf1 +mx -all" I thought…
71GA
  • 383
8
votes
2 answers

SPF: Difference between v=spf1 include:_spf.google.com ~all and v=spf1 include:spf.google.com ~all

What is the difference between v=spf1 include:_spf.google.com ~all and v=spf1 include:spf.google.com ~all (the first one is with underline character in front of the spf, the second one without)
Adri Brundel
  • 81
7
votes
2 answers

Gmail ignoring SPF record

I have a domain whose SPF record looks like this: "v=spf1 mx ip4:6.7.8.9 -all". The record is valid, and to my understanding implies that allow mails only from: The server that is MX record for the domain. said ipv4 address: 6.7.8.9 Hard fail on…
0fnt
  • 274
6
votes
2 answers

What's the benefit of SPF HELO Identity

I'm try to understand the benefit of the HELO Identity defined in RFC7208 (SPF). There is a mail server, let's say mail.example.com. This server is used as relay for different domains. In Section 2.4: SPF verifiers MUST check the "MAIL FROM"…
Alex
  • 63
  • 1
  • 4
5
votes
1 answer

SPF with -all includes directive with ~all?

I want to update and simplify the SPF record of my domain. Unfortunately, http://www.openspf.org/SPF_Record_Syntax is unclear. My domain uses one MX relay for receiving and sending. The SPF rule is then as simple as this v=spf1 mx -all. This will…
chmike
  • 448
4
votes
4 answers

What's wrong with my SPF record?

This is my SPF record: v=spf1 a ip4:111.222.333.444 include:_spf.google.com ~all I sent a test email to my Gmail address and below are the headers. I replaced real IP address with 111.222.333.444 and I replaced server hostname with…
lars
  • 85
  • 1
  • 2
  • 5
3
votes
1 answer

SPF: Is ?all safe, and is it any different from having no policy at all?

A company I started working with had no SPF records on their domain. They are using multiple services (Google Apps and Shopify) that are sending e-mails from the company's domain with the company's domain in the Return-Path. They never experienced…
Chris
  • 135
3
votes
1 answer

SPF result is "neutral"

I have two servers. The first server uses a hostname of myserver.com, and I set the A record for myserver.com as the IP address of the first server. The second server uses the hostname server2.myserver.com, and I set the A record for…
Greg
  • 151
2
votes
1 answer

How to interpret the syntax of "v=spf1 a -all"

I'm using this reference page... http://www.openspf.org/SPF_Record_Syntax ...but I don't know if I'm interpreting the syntax correctly. Are the following scenarios correct? "v=spf1 a -all" a = check DNS A records of the client - = fail all =…
Michael Curtis
  • 125
2
votes
1 answer

Mimecast requires our SPF to include all the Public IP addresses

We are a small business using ISP Bellhosting to host our domain- Our major client just added MIMECAST who now requires we establish our SPF record in our DNS - We did that but our email are still blocked by Mimecast who now requires us to include…
ANDRE
  • 21
2
votes
1 answer

Why does DNSstuff fail but SPF softfail?

Why does this online tool fail the SPF check http://www.dnsstuff.com/tools#spf|type=ipv4&&value=155.133.82.39&&email=fake@gmail.com But an installed Perl SPF check softfails the SPF check? May 9 00:48:49 ip-172-31-15-65 postfix/policy-spf[5905]:…
Chloe
  • 1,174
  • 4
  • 19
  • 36
2
votes
1 answer

SPF: Which IP is being looked at during evaluation?

Let's say I have: public IP address A: sending host public IP address B: mail relay for A public IP address C: receiver MX What IP does C look at? Does he try to find the IP of A in the "Received" headers (e.g. by trying to find the first…
Marki
  • 2,854
1
2 3 4