SPF Records for IVS-hosted Mail Service

From IdentityVectorSolutionsWiki
Revision as of 13:13, 5 May 2012 by Phil (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Sender Policy Framework, or SPF, is a system that is designed to provide some level of check against the authenticity of an email. Essentially, it aims to assist mail servers in determining whether or not a particular email message was sent from an 'authorized source' on the Internet, so the server can reject forgeries. While the standard is still in "experimental" status, it offers a significant benefit to those using it today. Note that SPF does not protect your own email account from incoming spam, it does help to protect your domain from being blamed for spam forged to look like it came from you.
Mail servers across the Internet can be configured to either reject that traffic, to invisibly mark that mail as suspect, or to do nothing at all. This is a key point of SPF - it is just an advisory protocol. SPF does not "delete mail" or cause any action to occur. It merely advises servers who care to investigate the SPF records on whether the mail is likely to be legitimate or forged. Any actions taken are done on the receiving server, at the direction of that server's operator.

SPF Usage

First, ensure that your domain's "MX" records are correct. You should have only one MX record, with Priority=0, Host=@, Server=mail.identityvector.com. ("Server" may also be "Goes to", "Target", or another label.)

Next, create a TXT record, with the "host" field containing your domain name, and the "TXT value" field containing the following: "v=spf1 a mx ~all". This will allow the server(s) listed as your MX records (in this case, mail.identityvector.com) to send mail on behalf of your domain, and tell other servers on the Internet that any other server purporting to be transferring mail from an account at your domain is likely forging traffic.

Possible Pitfalls

If you utilize an SPF record for your domain, all of your mail should be sent through the IVS SMTP server. If, for example, you use your own ISP's mail server to send out e-mail, but the SPF record indicates that only the IVS server should be performing that activity, you may see messages be dumped. The IVS supported configurations for mail client configuration as documented on this wiki all relay mail through the IVS servers, and will permit SPF-enabled domains to behave as they should.