Exchange Server/Create and configure SPF record
From ITHandbook
Overview
A Sender Policy Framework (SPF) record is a TXT-type DNS record that helps to reduce spam. It lists all the servers authorized to send mail from this domain, and all the organizations permitted to send emails on behalf of this domain.
If the organization or server is not on the list, the mail server of the target domain will either not deliver the message to the recipient or deliver it into the JUNK folder.
Configure an SPF record
The most applicable example
Note:
For most cases, this is enough.
v=spf1 mx -all
- v=spf1
- Indicates that this is an SPF record; the record must begin with this string. You can create only one SPF record for a domain.
- mx
- Authorizes the IP address(es) in the MX record(s).
- -all
- Indicates the end of an SPF record. The "-" qualifier means that any sender not matched by an earlier mechanism fails the check.
Another record example
Note:
You can add multiple IP addresses and IP ranges to an SPF record.
v=spf1 ip4:10.0.0.0/24 ip4:172.16.0.1 ip6:FD00::1 include:example.com -all
- ip4:10.0.0.0/24
- Authorizes the server with an IP address between 10.0.0.0 and 10.0.0.255.
- ip4:172.16.0.1
- Authorizes the server with an IP address 172.16.0.1. If CIDR is not specified, it is taken to be "/32".
- ip6:FD00::1
- Authorizes the server with an IP address FD00::1. For IPv6, if CIDR is not specified, it is taken to be "/128".
- include:example.com
- Authorizes the senders listed in the SPF record of "example.com" to send mail on behalf of this domain.
Do not send mail from this domain
If you have no plans to send emails from this domain, create a record like this to protect your domain:
v=spf1 -all
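The following Python code is an added example, not part of the original page. It evaluates a sending IP address against the three records shown above and covers only the mechanisms this page uses (mx, ip4, ip6, include, all). The function name check_spf, the tables SPF_TXT and MX_IPS that stand in for DNS lookups, the domain mail.test and the addresses in those tables are constructed assumptions.

```python
import ipaddress

# Constructed stand-ins for DNS lookups so the example runs offline.
SPF_TXT = {"example.com": "v=spf1 ip4:192.0.2.0/28 -all"}  # hypothetical record
MX_IPS = {"mail.test": ["198.51.100.10"]}                  # hypothetical MX host
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, domain="", depth=0):
    """Evaluate ip4, ip6, mx, include and all; first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"            # record does not begin with v=spf1
    if depth > 10:
        return "permerror"       # guard against include loops
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"          # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # No prefix length: ip_network() yields /32 (IPv4) or /128 (IPv6).
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "mx":
            hosts = MX_IPS.get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":
            inner = check_spf(SPF_TXT.get(arg, ""), sender_ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"   # included domain has no usable record
            matched = inner == "pass"
        else:
            return "permerror"   # terms outside this page's examples
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"             # nothing matched and the record has no "all"

PAGE_RECORD = "v=spf1 ip4:10.0.0.0/24 ip4:172.16.0.1 ip6:FD00::1 include:example.com -all"

if __name__ == "__main__":
    for addr in ("10.0.0.200", "172.16.0.2", "fd00::1", "192.0.2.5", "203.0.113.9"):
        print(addr, check_spf(PAGE_RECORD, addr))
```

Running the file prints the result for each sample address, which is a quick way to confirm that a planned record authorizes every legitimate sender before it is published.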
Add a TXT record to the domain
- Type
- Select TXT.
- Name
- To configure the record for the root domain, enter @.
- To configure the record for a subdomain, enter the subdomain.
Next step
- DKIM and DMARC record
- Further protect the domain and prevent malicious parties from impersonating senders.