Sender Policy Framework (SPF) record is a type of DNS record used to specify which IP addresses and hosts are authorized to send mail for a domain. SPF records are always TXT records.
Questions tagged [spf]
47 questions
11
votes
4 answers
Make postfix reject incoming email spoofed as from my own domain
I have a postfix server correctly configured to allow incoming mail to my domain, and to require authentication in order to send mail to any other network.
A lot of spam that I get has a forged "from" address of non-existent users at my own domain. …
dataless
- 743
6
votes
1 answer
Google MX check bogus error? Every name server must reply with exactly the same TXT records
was using this tool, https://toolbox.googleapps.com/apps/checkmx/, to check my domain and it reports this error:
Every name server must reply with exactly the same TXT records.
my domain has multiple TXT records and a dig check verified that all…
rvh
- 73
5
votes
2 answers
Sending mails from Outlook: SPF fails
In our Server we've implemented SPF and opendkim. The IP of our server is 85.214.95.200. SPF and opendkim verification works as expected.
The problem is with one of our users. I don't know the reason, but when receiving emails from them to my…
ABu
- 225
4
votes
3 answers
What does a "-all" do in an included (secondary) SPF record?
In an SPF record, the -all option means “I am whitelisting just the machines/domains I am explicitly listing here, and no other servers can originate email for this domain.”
So what does it mean when one uses the include: option in an SPF record to…
Codeswitcher
- 272
3
votes
3 answers
GMail SMTP rejects email from my domain, claiming it is a "security risk" if I haven't authenticated
This evening I sent an email to a Cornell University address of someone, following a website interaction; I'd not written him before. I got this in reply from MAILER-DAEMON@cornell.edu (anonymized):
(expanded from
…
einpoklum
- 10,666
3
votes
1 answer
SPF type ptr discouraged? Then what should I use?
I'm trying to setup a mail server and then on mxtoolbox.com I was told:
Your domain's SPF record includes a sender mechanism type of PTR. The use of this mechanism is heavily discouraged per RFC4408 as it is slow and unreliable. Per email delivery…
Christopher Thomas
- 183
- 1
- 7
3
votes
2 answers
How to configure a long SPF record for UDP?
I have an SPF TXT DNS record that's too long to be served via UDP. It validates over TCP, but that's not as performant as UDP. I know that TXT records can be broken into multiple lines. How should they be formatted?
ponies
- 201
2
votes
1 answer
Sender Policy Framework when using Smart Host
The reading I have done on SPF is terribly confusing, and the SPF examples I have seen use IP addresses and not domain names. I would like to know how to create an SPF record with domain names (not IP addresses), and how to specify a smart host.
For…
jww
- 12,722
2
votes
2 answers
DKIM & SPF Allignment for Subdomains
We have a primary domain name example.com that has both adkim=s and aspf=s defined in its DMARC policy. Now, we have multiple subdomain names for this primary domain, such as postman.example.com. The subdomain has SPF, DKIM and DMARC TXT records in…
Granwille
- 56
2
votes
1 answer
Is this how I indicate that only my MX IP is authorized to send email for this domain?
I would have a TXT record as such:
v=spf1 mx -all
which translates as "only my MX IP is authorized to send email for this domain"?
NOTE: I don't want A records to be able to do so, since my web host is the A record IP address owner. And there…
Mordachai
- 143
2
votes
1 answer
If "a:domain.com" is used, would it include emails sent from *@subdomain.domain.com address?
Supposedly I have example.com domain and would like it to allow mails sent from subdomain.domain.com.
If the spf record should verify emails sent from *@subdomain.domain.com address (or mailed-by: subdomain.domain.com), would "v=spf1 a:domain.com…
Savvas Radevic
- 1,134
2
votes
1 answer
Why my emails go to junk folder?
I registered a new .xyz domain name a few days ago. The domain name was never registered by others before. I set up a postfix server on a clean ip(checked its reputation). I set up SPF, DKIM, and reverse DNS. I composed a simple email(subject: hello…
peter
- 403
2
votes
0 answers
Is it possible to have Outlook 2013/2010 display an SPF warning?
I have recently setup SPF and DKIM on my mail server. This works as expected, and during testing when sending emails to my gmail account, Gmail displays a warning if the addresses don't match or the mail server isn't authorized. It looks like…
2
votes
1 answer
SPF and Reply-To header
I found that SPF record are checked according to From sender's domain.
Is this supposed to be used also for Reply-To header or may I put in the Reply-To address what I want?
Tobia
- 2,403
1
vote
0 answers
Implementing rules in Outlook to filter out emails that fail SPF, DKIM, DMARC
My personal email account username@outlook.com (i.e., I don't own a domain, so I have restrictions on implementing policy) was recently spoofed (or at least I recently noticed it), to where it appears falsely as being sent from my account to…
MSIS
- 125