Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [spf]

Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.

Sender Policy Framework (SPF) is a technique to prevent e-mail sender address forgery. With SPF system administrators add information about allowed senders for particular domain in a DNS server's TXT and/or SPF record.

Please have a look at the canonical question What are SPF records and how do I configure them.

869 questions
243
votes
3 answers

How to include multiple domains in an spf TXT Record

I am looking to setup a TXT spf record that has 2 included domains... individually: v=spf1 include:_spf.google.com ~all and v=spf1 include:otherdomain.com ~all What is the proper way of combining them into a single item?
tgriesser
  • 2,822
  • 2
  • 17
  • 10
111
votes
6 answers

Fighting Spam - What can I do as an: Email Administrator, Domain Owner, or User?

This is a Canonical Question about Fighting Spam. Also related: How to stop people from using my domain to send spam? What are SPF records, and how do I configure them? There are so many techniques and so much to know about fighting SPAM.…
Chris S
  • 77,945
  • 11
  • 124
  • 216
86
votes
3 answers

Multiple TXT fields for same subdomain

I would like to understand if multiple TXT records for the same subdomain are ok or could lead to issues. In particular, we have the requirement for one SPF record and one Google Domain Verification record on the root domain. In AWS Route 53 they…
chrisvdb
  • 1,279
  • 2
  • 12
  • 15
80
votes
6 answers

Do SPF Records For Primary Domain apply to subdomains?

I have a quick question regarding SPF records: Do they need to be present for all subdomains? Lets say that I have a TXT record with SPF info for domain.com Let's also say that I have a seperate email domain for subdomain.domain.com Will the SPF…
Mike B
  • 11,871
  • 42
  • 107
  • 168
58
votes
2 answers

What are SPF records, and how do I configure them?

This is a canonical question about setting up SPF records. I have an office with many computers that share a single external ip (I'm unsure if the address is static or dynamic). Each computer connects to our mail server via IMAP using outlook.…
vulgarbulgar
  • 739
  • 1
  • 8
  • 14
56
votes
4 answers

How to specify multiple included domains in SPF record?

Our business email is hosted on Google apps. In addition, our web server may also send email. Currently our SPF record in DNS looks like this: domain.com. IN TXT "v=spf1 a include:_spf.google.com -all" This is all fine, however now we've…
Aleks G
  • 936
  • 2
  • 8
  • 18
42
votes
7 answers

Is it becoming impossible to be a small mail provider?

I operate a small mail server for my private emails, some friends who have websites and two NGOs. In total my server sends between 60 and 400 messages a day. Now a lot of these emails are personal mails, between two or more people who know each…
Stefan Seidel
  • 722
  • 1
  • 8
  • 20
39
votes
6 answers

Are SPF records legacy?

I am responsible for a domain which has an SPF record as recommended by various other services that send mail on this domain's behalf. When setting up Mailchimp, I was surprised to find no documentation on Mailchimp's recommended SPF setup. When I…
RomanSt
  • 1,207
  • 1
  • 15
  • 32
38
votes
4 answers

Is using SOFTFAIL over FAIL in the SPF record considered best practice?

Or put another way, is using v=spf1 a mx ~all recommended over using v=spf1 a mx -all? The RFC does not appear to make any recommendations. My preference has always been to use FAIL, which causes problems to become apparent immediately. I find that…
Michael Kropat
  • 859
  • 2
  • 8
  • 16
35
votes
3 answers

Remove "via" from emails sent to Gmail from Amazon SES

When sending emails from Amazon SES, gmail shows "sent via amazonses.com". How do I remove this? According to Google, I'm a sender and I don't want my recipients to see the "via" link. What can I do? Gmail checks whether emails are correctly…
csi
  • 1,555
  • 7
  • 23
  • 42
29
votes
2 answers

Is the 10-DNS-lookup limit in the SPF spec typically enforced?

My understanding is that the SPF spec specifies an email receiver shouldn't have to do more than 10 DNS lookups in order to gather all the allowed IPs for a sender. So if an SPF record has include:foo.com include:bar.com include:baz.com and those…
John Bachir
  • 2,364
  • 7
  • 29
  • 37
28
votes
4 answers

Best Practices for preventing you from looking like a spammer

I'd like to feel more confident setting up mail for my clients with regards to false positives. Here's what I know: SPF records are good, but not every spam filter service/software (SFSS) uses them. reverse DNS (PTR) records are pretty much a…
gravyface
  • 13,957
  • 19
  • 68
  • 100
26
votes
3 answers

SPF vs. DKIM - The exact use cases and differences

I'm sorry for the vague title. I don't fully understand why SPF and DKIM should be used together. First: SPF can pass where it should fail if the sender or DNS is "spoofed" and it can fail where it should pass if some advanced setup of proxies and…
deleted user 42
  • 363
  • 1
  • 3
  • 6
25
votes
1 answer

Multiple SPF records for multiple domains

We have recently started using Office 365 for our email, which requires us to add a DNS TXT record with the value v=spf1 include:spf.protection.outlook.com -all. We already have an SPF record with the value v=spf1 include:spf.mandrillapp.com ?all…
Swisher Sweet
  • 617
  • 2
  • 9
  • 19
23
votes
5 answers

Does DKIM alone not solve the spam issue? Why do I need SPF?

FINAL EDIT : I was completely wrong about DKIM it seems, the signing domain does not have to be the same as the sender domain, thus the whole premise for my question is flawed. A lot of thanks to Paul for pointing out my mistake! Original Question…
cornergraf
  • 491
  • 1
  • 4
  • 8
1
2 3
57 58