Web Hosting Articles

  Home arrow Web Hosting Articles arrow Page 3 - SPF: Its Functionality and How To Use ...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

SPF: Its Functionality and How To Use It On Your Server
By: Michael Swanson
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 5

    Table of Contents:
  • SPF: Its Functionality and How To Use It On Your Server
  • SPF Basics
  • Setting Up an SPF Record
  • Implementing SPF on Your Server of Email Client

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    SPF: Its Functionality and How To Use It On Your Server - Setting Up an SPF Record

    (Page 3 of 4 )

    SPF records are kept in the DNS listing for a domain.  Since the domain name servers are retrieved from the Top-Level-Domain servers, you are guaranteed that the listing is the correct, authorized record for a domain.  Directly, the record is saved in a TXT DNS record.  A TXT record allows for publishing extra, unclassified data on the DNS system.  This TXT record follows a specific syntax that allows for a server to look-up all of the DNS TXT records for a certain domain and discern the correct one that holds the SPF information. 

    These records generally point to a specific DNS record that points to the DNS records for the servers authorized to send mail.  For a simple domain set-up, you can simply state that the A or MX records contain the correct information, and leave it at that.  However, the SPF framework allows for more complex records to allow easier administration of multiple domains.  In this vein, it is possible to set up SPF records to simply point to the record for a different domain.  This allows an administrator who works on many domains to only edit one actual SPF record and have those changes affect the authorized servers for multiple domains.  In an ISP situation, or a company with multiple domains, this could be particularly useful.  If there is one dedicated email server that handles email for many different domains, it could be very useful to need to change only one SPF record. 

    In addition, if there is an email server which sends mail but doesn’t have an MX or A record in DNS, it is possible to specify IP addresses which are authorized to send mail. 

    The actual syntax of an SPF record has the following structure.  The first element in the TXT record field must give the version specification of SPF that the record uses.  The current version of SPF is simply SPF1.  After this you can specify with a simple “a” or “mx” to allow the servers delineated by those records in your DNS.  That means the servers specified in your DNS record with “A” and “MX” references are also allowed to send email for your server.  If there are specific additional IP addresses that send email, they get added with the “ip4:” or “ip6:” mechanism.  Simply follow the “:” with the CIDR IP address you want included (CIDR means the IP address followed by the number of bits in the subnet mask e.g.  You can also use the “include:” to specify other domains SPF records to be included as authorized senders for your domain.  For instance, if you sometimes send email through an ISP or work server, you may want to add their domains in an “include:” record.  Finally, you should end with either a “-all” or “~all”.  “-all” specifically fails all mail coming from IP addresses not specified in the SPF record and means receiving servers should not accept it.  “~all” means to “softfail” all mail coming from unauthorized IP addresses.  This means the domain owner is not willing to truly fail all mail coming from other IP’s, but that mail should be subjected to closer examination or flagged as possibly bad.

    Some example records might look like:

    atlantisvalley.com    IN TXT    “v=spf1 a mx –all”
    atlantisvalley.com    IN TXT    “v=spf1 a mx include:mydomain.com ~all”
    atlantisvalley.com    IN TXT    “v=spf1 redirect:mydomain.com -all”

    The redirect record here tells anyone looking up this SPF record to use the record for “mydomain.com” as the SPF record for atlantisvalley.com.

    More Web Hosting Articles Articles
    More By Michael Swanson


    - Top Wordpress Plugins for SEO
    - Top Drupal Evaluation and Rating Modules
    - Free Network Monitoring Programs for Max Per...
    - E-store Hosting: Free Options for Beginners
    - Dropbox: The Ultimate File-Sharing and Synci...
    - Reviewing the Best Free Web Hosting Sites
    - Businesses Turn to Reseller Web Hosting for ...
    - Multiple Data Center Hosting
    - Web Hosting Goes Green
    - Web Hosting Technology Overview
    - Collaborate: An Examination of Tools for Gro...
    - Social Networking Security
    - Domain Names 101
    - Top Software to Help Manage Your Websites
    - The Evolution of Phishing

    Developer Shed Affiliates


    © 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap