SPF Record: Difference between revisions

Back up to the Email Category
From AAISP Support Site
mNo edit summary
mNo edit summary
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="Faults">[[File:Menu-email.svg|link=:Category:Email|30px|Back up to the Email Category]]</indicator>
<indicator name="Faults">[[File:Menu-email.svg|link=:Category:Email|30px|Back up to the Email Category]]</indicator>

Also see [[DKIM]]


SPF = Sender Policy Framework
SPF = Sender Policy Framework
Line 8: Line 10:
Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.
Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.


However, customers can add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages from you.
Whilst we don't provide DMARK or DKIM features on our email service customers are are welcome to use their own email servers and configure them as they wish.


Typically, our customers would use <code>smtp.aa.net.uk</code> to send email - however '''thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too.''' In these cases, you'd add the IP addresses as: ip4:x.x.x.x and/or ip6:xxxx:xxxx:xxxx::xxxx
However, customers may be able to add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages from you.

Typically, our customers would use <code>smtp.aa.net.uk</code> to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too.


To cover the IP addresses of the A&A email servers, you can include <code>_spf_include.aa.net.uk</code>, eg:
To cover the IP addresses of the A&A email servers, you can include <code>_spf_include.aa.net.uk</code>, eg:

v=spf1 mx include:_spf_include.aa.net.uk ~all
v=spf1 mx include:_spf_include.aa.net.uk ~all



This says to accept email from the mx records (<code>mx</code>) and A&A's published list of IP addresses (<code>include:_spf_include.aa.net.uk</code>) , everything else should be marked as possible junk (<code>~all</code>).

This says to accept email from the mx records (<code>mx</code>) and A&A's published list of IP addresses (<code>include:_spf_include.aa.net.uk</code>) , everything else should be marked as possible junk (<code>~all</code>). This should be added as a domain level TXT record (Typically "@" through a control panel).


This is just a brief example of SPF, the record above will be useful to customers who only send email via <code>smtp.aa.net.uk</code>. There are lots of information and SPF 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)
This is just a brief example of SPF, the record above will be useful to customers who only send email via <code>smtp.aa.net.uk</code>. There are lots of information and SPF 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)
Line 34: Line 35:


[[Category:Email]]
[[Category:Email]]
[[Category:Email Features]]
[[Category:Email How to]]

Latest revision as of 12:38, 20 October 2023


Also see DKIM

SPF = Sender Policy Framework

From Wikipedia:

SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.

Many of the large email providers (Gmail, Yahoo, Office 365) are getting picky about accepting email that has no 'validation' mechanisms. Even if your email is not spam or junk they may treat it as so and either reject the message or put it in the recipients junk folder.

However, customers can add a SPF record to their domain to help get their messages through. In short, an SPF record says which email servers are allowed to send messages from you.

Typically, our customers would use smtp.aa.net.uk to send email - however thought must be given to other servers that may also send email from your domain - eg you may have a 3rd party web server or some other service that sends email on our behalf - these would want to be included too. In these cases, you'd add the IP addresses as: ip4:x.x.x.x and/or ip6:xxxx:xxxx:xxxx::xxxx

To cover the IP addresses of the A&A email servers, you can include _spf_include.aa.net.uk, eg:

v=spf1 mx include:_spf_include.aa.net.uk ~all


This says to accept email from the mx records (mx) and A&A's published list of IP addresses (include:_spf_include.aa.net.uk) , everything else should be marked as possible junk (~all). This should be added as a domain level TXT record (Typically "@" through a control panel).

This is just a brief example of SPF, the record above will be useful to customers who only send email via smtp.aa.net.uk. There are lots of information and SPF 'generators' on the internet. The main thing to do is to test what you have added by looking at the headers of email that has been received by Gmail/O365 etc)

Example, Looking at Gmail headers

You can send an email to a gmail address, and then look at the received headers to see what Gmail think about the SPF records. (In gmail, open the email, click the 3 dots and select show original)

No spf:

ARC-Authentication-Results: i=1; mx.google.com;
      spf=neutral (google.com: 81.187.30.51 is neither permitted nor denied by best guess record for domain of xx@xx.org.uk) smtp.mailfrom=xx@xx.org.uk

With spf

ARC-Authentication-Results: i=1; mx.google.com;
      spf=pass (google.com: domain of xx@xx.com designates 81.187.30.52 as permitted sender) smtp.mailfrom=xx@xx.com