SPF Record: Difference between revisions
mNo edit summary |
mNo edit summary |
||
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
<indicator name="Faults">[[File:Menu-email.svg|link=:Category:Email|30px|Back up to the Email Category]]</indicator> |
<indicator name="Faults">[[File:Menu-email.svg|link=:Category:Email|30px|Back up to the Email Category]]</indicator> |
||
Also see [[DKIM]] |
|||
SPF = Sender Policy Framework |
SPF = Sender Policy Framework |
||
Line 8: | Line 10: | ||
Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder. |
Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder. |
||
⚫ | |||
Whilst we don't provide DMARK or DKIM features on our email service customers are are welcome to use their own email servers and configure them as they wish. |
|||
⚫ | |||
Typically, our customers would use <code>smtp.aa.net.uk</code> to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too. |
Typically, our customers would use <code>smtp.aa.net.uk</code> to send email - however '''thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too.''' In these cases, you'd add the IP addresses as: ip4:x.x.x.x and/or ip6:xxxx:xxxx:xxxx::xxxx |
||
[[File:Spf-control.png|thumb]] |
|||
To cover the IP addresses of the A&A email servers, you can include <code>_spf_include.aa.net.uk</code>, eg: |
To cover the IP addresses of the A&A email servers, you can include <code>_spf_include.aa.net.uk</code>, eg: |
||
v=spf1 mx include:_spf_include.aa.net.uk ~all |
v=spf1 mx include:_spf_include.aa.net.uk ~all |
||
Line 36: | Line 35: | ||
[[Category:Email]] |
[[Category:Email]] |
||
[[Category:Email Features]] |
|||
[[Category:Email How to]] |
Latest revision as of 12:38, 20 October 2023
Also see DKIM
SPF = Sender Policy Framework
From Wikipedia:
SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.
Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.
However, customers can add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages from you.
Typically, our customers would use smtp.aa.net.uk
to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too. In these cases, you'd add the IP addresses as: ip4:x.x.x.x and/or ip6:xxxx:xxxx:xxxx::xxxx
To cover the IP addresses of the A&A email servers, you can include _spf_include.aa.net.uk
, eg:
v=spf1 mx include:_spf_include.aa.net.uk ~all
This says to accept email from the mx records (mx
) and A&A's published list of IP addresses (include:_spf_include.aa.net.uk
) , everything else should be marked as possible junk (~all
). This should be added as a domain level TXT record (Typically "@" through a control panel).
This is just a brief example of SPF, the record above will be useful to customers who only send email via smtp.aa.net.uk
. There are lots of information and SPF 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)
Example, Looking at Gmail headers
You can send an email to a gmail address, and then look at the received headers to see what Gmail think about the SPF records. (In gmail, open the email, click the 3 dots and select show original)
No spf:
ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 81.187.30.51 is neither permitted nor denied by best guess record for domain of xx@xx.org.uk) smtp.mailfrom=xx@xx.org.uk
With spf
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of xx@xx.com designates 81.187.30.52 as permitted sender) smtp.mailfrom=xx@xx.com