Sender Policy Framework (SPF) is an extension to email delivery over the SMTP protocol. It was created as a means of combating spam. Its function is to indicate whether the sender of an email from a certain domain is authorized to send it. If you use email hosting or a free mail service, you most likely will not have to deal with SPF, since it may already be configured by the host. But if you also have your own site (or even your own web server), you may send email from that site as well (for example, through a form or as notifications to users), and then SPF becomes your concern.
How does it work?
It’s pretty simple: in the DNS records for your domain, you create a TXT record listing the server names or IP addresses that are allowed to send mail on behalf of your domain. Consider an example. I have a domain, sysopnotes.net. I keep mail for this domain on Gmail. I also have a website, www.sysopnotes.net, from which I can send messages and notifications to myself or to users. For mail from @sysopnotes.net addresses to be delivered smoothly both from Gmail and from my site, I need to create an SPF record. My domain is hosted on GoDaddy, so I logged in to my account there, went to “My Domains” and selected “DNS Management”.
Then I click the Add button. Next, select the record type, TXT, and the host; in my case I entered @, which means the record applies to the domain itself and not to its subdomains. As the value, I entered:
v=spf1 mx a ip4:220.127.116.11 a:server170.web-hosting.com include:_spf.google.com ~all
Let me explain. “v=spf1” says that this is an SPF record, version 1 (the current version). Mail from this domain may be sent by the servers listed in the domain’s MX records (“mx”), by the servers listed in the domain’s A records (“a”), by the server with the IP address 18.104.22.168 (the web server where the site is located), and by the server named server170.web-hosting.com (the same web server). The “include” term tells receivers to consult Google’s DNS records, which list the Google servers that have the right to send mail from my domain (as I said earlier, my domain’s mail goes through Gmail). The TTL can be left at its default. That’s it: save, and see that the entry was added:
As a result, we have told the mail systems that receive email from our domain that not only the mail servers serving our domain (for example, Gmail) may send email with our domain’s address, but also the server where our website is located. This is needed quite often, since Google, Microsoft (outlook.com, live.com, etc.) and many others check the SPF record when receiving messages; if it is not set up for the website, messages could be lost or at least end up in the Spam or Junk Mail folder. So it can happen that you or the users of your site do not receive email from the site, even though your mail system itself works when used directly.
Before making changes to DNS, do not forget to check the correctness of your SPF record, for example here. This service will show if you have errors in the SPF statement.
More details about the syntax of the SPF record can be found here.
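As a local pre-check before touching DNS, the sketch below lints an SPF value offline. It is an added example, not code from this article or from any validation service; the name lint_spf and the spaced sample record are assumptions made for illustration, and the checks cover only basic syntax, address validity, the final "all" term and the limit of 10 DNS-lookup terms from RFC 7208.

```python
import ipaddress
import re

# Terms that cost a DNS query when a receiver evaluates the record (RFC 7208 caps them at 10).
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"ip4", "ip6", "all", "exp"}
NEEDS_VALUE = {"ip4", "ip6", "include", "exists", "redirect", "exp"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:([:=/])(\S+))?$", re.IGNORECASE)

def lint_spf(record):
    """Return a list of problems in one SPF TXT value; an empty list means none found."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must begin with 'v=spf1' (no spaces around '=')"]
    problems, lookups, terminated = [], 0, False
    for term in terms[1:]:
        match = TERM_RE.match(term)
        if not match or match.group(2).lower() not in KNOWN_TERMS:
            problems.append(f"unparseable term {term!r}")
            continue
        qualifier, name, _, value = match.groups()
        name = name.lower()
        if name in NEEDS_VALUE and not value:
            problems.append(f"{name} needs a value")
        if name in ("ip4", "ip6") and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term!r} is not an IPv{name[2]} address")
            except ValueError:
                problems.append(f"{term!r} is not a valid address or CIDR block")
        if name == "all" and qualifier in ("", "+"):
            problems.append("'all' without '-' or '~' authorizes every sender")
        lookups += name in LOOKUP_TERMS
        terminated = terminated or name in ("all", "redirect")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms; receivers stop at 10")
    if not terminated:
        problems.append("no 'all' or 'redirect' term, so unlisted senders get a neutral result")
    return problems

# The record from this article, written without stray spaces.
PAGE_RECORD = "v=spf1 mx a ip4:220.127.116.11 a:server170.web-hosting.com include:_spf.google.com ~all"
# Constructed variant: spaces left after the colons and after the qualifier.
SPACED_RECORD = "v=spf1 mx a ip4: 220.127.116.11 include: _spf.google.com ~ all"

if __name__ == "__main__":
    for rec in (PAGE_RECORD, SPACED_RECORD):
        print(rec, "->", lint_spf(rec) or "no problems found")
```

Note what the spaced variant does: the detached "~" leaves a bare "all", which on its own means "pass everything", so a whitespace slip can invert the intent of the record.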