Guide To Mail Server Configuration


Sender Policy Framework (SPF)

The Sender Policy Framework (SPF) record was created as a way to prevent sender address forgery. It’s an open standard that acts as a form of email authentication. Rather than blocking certain email from reaching your inbox, it prevents unauthorized email from being sent on your behalf.

By implementing an SPF record, you get to specify which servers are allowed to send emails on your domain’s behalf. This helps prevent domain spoofing. As the domain owner, you publish your policy, and the receiving server checks incoming email against that policy to verify its validity.

SPF Record Example


{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": true,
  "CD": false,
  "Question": [
    {
      "name": "zerobounce.net.",
      "type": 99
    }
  ],
  "Answer": [
    {
      "name": "zerobounce.net.",
      "type": 99,
      "TTL": 299,
      "data": "\"v=spf1 ip4:185.25.156.0/24 include:_spf.google.com include:mail.zendesk.com include:spf.tapfiliate.com -all\""
    }
  ]
}
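As an added illustration (not ZeroBounce's code), the sketch below parses the record from the example above and evaluates its `ip4` and `all` mechanisms the way a receiving server does, with the first matching mechanism deciding the result. `include` terms need further DNS lookups, so this offline example reports them as unresolved instead of guessing; the function names and sender addresses are constructed for the example.

```python
import ipaddress
import json

# The "Answer" part of the DNS response shown above (trimmed to what is used).
ANSWER_JSON = r'''{"Answer": [{"name": "zerobounce.net.", "type": 99, "TTL": 299,
 "data": "\"v=spf1 ip4:185.25.156.0/24 include:_spf.google.com include:mail.zendesk.com include:spf.tapfiliate.com -all\""}]}'''

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(answer_json):
    """Return the record's terms as (qualifier, mechanism, value) tuples."""
    records = [a["data"].strip().strip('"') for a in json.loads(answer_json)["Answer"]]
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: zero or several SPF records cannot be evaluated
        raise ValueError("expected exactly one v=spf1 record")
    terms = []
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is the default
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = body.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms


def check_sender(terms, sender_ip):
    """Evaluate terms left to right; the first matching mechanism decides.

    Returns (result, unresolved). result is None when a term that needs
    further DNS lookups (include, a, mx, ...) was skipped before the deciding
    term, because this offline example cannot know whether it would match.
    """
    ip = ipaddress.ip_address(sender_ip)
    unresolved = []
    for qualifier, name, value in terms:
        if name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "all":
            matched = True
        else:
            unresolved.append(f"{name}:{value}" if value else name)
            matched = False
        if matched:
            return (None if unresolved else QUALIFIERS[qualifier]), unresolved
    return (None if unresolved else "neutral"), unresolved  # no match: neutral


if __name__ == "__main__":
    terms = parse_spf(ANSWER_JSON)
    for ip in ("185.25.156.10", "203.0.113.5"):  # constructed sender addresses
        print(ip, check_sender(terms, ip))
```

A sender inside `185.25.156.0/24` passes on the first term, while any other address stays undecided until the three `include` domains are resolved; only after none of them match does `-all` reject it.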

How do I set up my SPF Record?

You can use the ZeroBounce SPF Record Generator to quickly set yours up.

Once you’ve created your SPF Record, you’ll need to add it to your DNS records. Your DNS records may be managed by your hosting company, on your own servers or a third-party provider.

TXT (TYPE 16) or SPF (TYPE 99) Record types in DNS

Please note: SPF (TYPE 99) is now obsolete

When the standard was introduced, your SPF record was stored as a TXT record (TYPE 16). In 2005, a new standard was introduced, SPF (TYPE 99). Originally SPF was created to supersede the original TXT record. However, mail servers reverted to the original TXT record and SPF (TYPE 99) became obsolete.

Now, even though SPF (TYPE 99) is obsolete, it’s still recommended to have the records present. If your Authentication String contains both TYPE 99 and TYPE 16, you’ll be considered “SPF-Compliant”. If you only have TYPE 16, you’ll be considered “Compliant”.

DomainKeys (DKIM)

DomainKeys is a deprecated email authentication protocol developed by Yahoo. It was created to verify the message integrity from any given sender’s domain name.

DomainKeys was superseded by the DomainKeys Identified Mail (DKIM) email authentication method. Even though this standard is superseded, many mail servers (old and new) still use this standard, and if you have the option, you should implement it.
