If you are using a hosting provider, the process is fairly straightforward, and you should reference their supporting documentation. If you are uncertain, you may wish to contact your IT provider for support. Note: Your new SPF record can take up to 48 hours to go into effect.
Start by gathering a list of all your domains, as each SPF record refers to a specific domain. You will also need to identify everything that sends email from your domain s , including sources third-parties that send emails on behalf of your domain. This includes:. This is a basic overview of what an SPF record can contain.
You can find a deeper look into SPF syntax here. If domain is not specified, the current-domain is used. The A records have to match the client IP exactly, unless a prefix-length is provided, in which case each IP address returned by the A lookup will be expanded to its corresponding CIDR prefix, and the client IP will be sought within that subnet. Invalid hostnames are discarded.
If a valid hostname ends in domain, this mechanism matches. If at all possible, you should avoid using this mechanism in your SPF record, because it will result in a larger number of expensive DNS lookups. Perform an A query on the provided domain. If a result is found, this constitutes a match. It doesn't matter what the lookup result is — it could be When you use macros with this mechanism, you can perform RBL-style reversed-IP lookups, or set up per-user exceptions.
In the following example, the client IP is 1. The specified domain is searched for a match. If the lookup does not return a match or an error, processing proceeds to the next directive. Warning: If the domain does not have a valid SPF record, the result is a permanent error. Some mail receivers will reject based on a PermError. Trust relationships — The " include: " mechanism is meant to cross administrative boundaries. Great care is needed to ensure that " include: " mechanisms do not place domains at risk for giving SPF Pass results to messages that result from cross user forgery.
Unless technical mechanisms are in place at the specified otherdomain to prevent cross user forgery, " include: " mechanisms should give a Neutral rather than Pass result. This is done by adding "? The example above would be:. In hindsight, the name "include" was poorly chosen. This is usually used as the last mechanism which defines how to handle any sender IP that did not match the previous mechanisms. Modifiers should appear at the end of the SPF record.
A modifier may not appear more than once and unrecognized modifiers are ignored. The redirect modifier is used to point to another SPF record to use for processing. This is used when you have multiple domains and want to apply the same SPF content across those multiple domains. Redirects should only be used if you control both domains, otherwise an include is used. The exp modifier is used to provide an explanation in case of a - fail qualifier is present on a mechanism that is matched.
0コメント