Category: Before Enabling Filtering Services | Protocol: DNS / Email
SPF (Sender Policy Framework) is a DNS record that specifies which servers are authorized to send emails on behalf of your domain. It helps protect against spoofing and spam.
I — Create the SPF Record (Standard)
Add the following record to your domain’s DNS zone through your registrar:
| Parameter | Value |
|---|---|
| Name | your-domain.com |
| TTL | 10800 |
| Type | TXT |
| Value | v=spf1 include:spf.security-mail.net -all |
Only security-mail.net mail servers will be authorized to send emails from your domain.
II — Verify the Record
From a terminal or command prompt:
nslookup -type=txt your-domain.com
The output must contain:
v=spf1 include:spf.security-mail.net -all
III — Advanced Options (all Mechanism)
| Value | Behavior | Recommended Usage |
|---|---|---|
| -all | Strictly rejects all unauthorized senders | Recommended (production) |
| ~all | Marks unauthorized senders as suspicious (softfail) | Testing phase |
| ?all | Neutral — no policy applied | Diagnostic purposes only |
⚠️ Use ?all only for diagnostic purposes. In production, prefer -all for maximum protection.