SPF is Sender Policy Framework.
SPF fights return-path address forgery and makes it easier to identify spoofs. Domain owners identify sending mail servers in DNS. SMTP receivers verify the envelope sender address against this information, and can distinguish authentic messages from forgeries before any message data is transmitted. SPF is implemented at the level of DNS TXT records and SMTP server. Detailed information about SPF record syntax is available at Openspf.org
SPF is included in plans as a regular resource with plan edit wizards. To access SPF configuration form select Mail Servers from the Manager menu > Action > At the bottom of the page you will find SPF/SRS configuration form and set there required options.
Once the SPF resource is enabled in H-Sphere, DNS TXT records will be provided for each A and MX records in Manager->DNS Manager. DNS TXT records have the following format:
domain.com IN TXT "v=spf1 spf\_string"
Here, spf1 is SPF version, and spf_string takes the combination of the so-called mechanisms:
a, ptr, mx, ip4, include, all
Where all is a finalizing mechanism and must be placed at the end. Each mechanism may have a prefix pointing to a certain type of processing messages:
'-' fail (message is rejected) '~' softfail (message is passed with warning) '+' pass (message is passed - the default prefix value) '?' neutral The simplest (and most popular)
SPF record will be:
domain.tld IN TXT "v=spf1 mx -all"
This mean that mail from email@example.com can be sent only from his MX record. There can be used other options. If other servers send mail from domain.com, you can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. Example:
"v=spf1 a mx a:test.com -all"
Mail can be sent from his MX and from test.tld server.