What is SPF and how to configure it on a Plesk server?
SPF (Sender Policy Framework) is a system that ensures emails are genuine by comparing them against a TXT list of approved senders. Senders are published in the DNS record. These DNS entries can be trusted because owners and administrators are the only individuals allowed to make them.
A DNS TXT record is created for each A and MX records at Domains > example.com > DNS Settings.
DNS TXT records have the following format:
example.com IN TXT "v=spf1 spf_string"
Here, spf1 is SPF version, and spf_string takes the combination of the so-called mechanisms:
a, ptr, mx, ip4, include, all
Where all is a finalizing mechanism and must be placed at the end. Each mechanism may have a prefix pointing to a certain type of processing messages:
'-' fail (message is rejected)
'~' softfail (message is passed with warning)
'+' pass (message is passed - the default prefix value)
'?' neutral The simplest (and most popular)
An SPF record will look like:
example.com IN TXT "v=spf1 mx -all"
This means that mail from [email protected] can be sent only from its MX record. There can be used other options. If other servers send mail from domain.com, you can describe them by giving “arguments” to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. Example:
"v=spf1 a mx a:example.com -all"
Mail can be sent from its MX and from example.com server.
To set both ipv4 and ipv6 SPF records, the following syntax can be used:
"v=spf1 ip4:XX.XX.XX.XX ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all"
"v=spf1 ip4:203.0.113.2 ip6:2001:db8:f61:a1ff:0:0:0:80 ~all"
(Linux only) To access SPF configuration form, log in to Plesk > go to Tools & Settings > Mail Server Settings and specify the required options in the SPF spam protection section.