Guide To Mail Server Configuration
Sender Policy Framework (SPF)
The Sender Policy Framework (SPF) record was created as a way to prevent sender address forgery. It’s an open standard that acts as a form of email authentication. Except, instead of blocking certain email from reaching your inbox, it prevents unauthorized email from being sent on your behalf.
By implementing an SPF record, you get to specify which servers are allowed to send emails on your domain’s behalf. This aids in preventing domain spoofing. And as the domain owner, you publish your policy and the receiving server will check (based on the policy) to verify its validity.
SPF Record Example
How do I set up my SPF Record?
You can use the ZeroBounce SPF Record Generator to quickly set yours up.
Once you’ve created your SPF Record, you’ll need to add it to your DNS records. Your DNS records may be managed by your hosting company, on your own servers or a third-party provider.
TXT (TYPE 16) or SPF (TYPE 99) Records types in DNS
Please note: SPF (TYPE 99) is now obsolete
When the standard was introduced, your SPF record was stored as a TXT record (TYPE 16). In 2005, a new standard was introduced, SPF (TYPE 99). Originally SPF was created to supersede the original TXT record. However, mail servers reverted to the original TXT record and SPF (TYPE 99) became obsolete.
Now, even though SPF (TYPE 99) is obsolete, it’s still recommended to have the records present. If your Authentication String contains both TYPE 99 and TYPE 16, you’ll be considered “SPF-Compliant”. If you only have TYPE 16, you’ll be considered “Compliant”.
DomainKeys is a deprecated email authentication protocol developed by Yahoo. It was created to verify the message integrity from any given sender’s domain name.
DomainKeys was superseded by the DomainKeys Identified Mail (DKIM) email authentication method. Even though this standard is superseded, many mail servers (old and new) still use this standard, and if you have the option, you should implement it.
Published Standard: RFC 4870