Question

What is SPF and how to configure it on a Plesk server?

Answer

SPF (Sender Policy Framework) is a system that ensures emails are genuine by comparing them against a TXT list of approved senders. Senders are published in the DNS record. These DNS entries can be trusted because owners and administrators are the only individuals allowed to make them.

 

A DNS TXT record is created for each A and MX records at Domains > example.com > DNS Settings.

DNS TXT records have the following format:

example.com IN TXT "v=spf1 spf_string"

Here, spf1 is SPF version, and spf_string takes the combination of the so-called mechanisms:

a, ptr, mx, ip4, include, all

Where all is a finalizing mechanism and must be placed at the end. Each mechanism may have a prefix pointing to a certain type of processing messages:

'-' fail (message is rejected)
'~' softfail (message is passed with warning)
'+' pass (message is passed - the default prefix value)
'?' neutral The simplest (and most popular)

 

An SPF record will look like:

example.com IN TXT "v=spf1 mx -all"

This means that mail from john_doe@example.com can be sent only from its MX record. There can be used other options. If other servers send mail from domain.com, you can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. Example:

"v=spf1 a mx a:example.com -all"

Mail can be sent from its MX and from example.com server.

To set both ipv4 and ipv6 SPF records, the following syntax can be used:

"v=spf1 ip4:XX.XX.XX.XX ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all"

E.G:

"v=spf1 ip4:203.0.113.2 ip6:2001:db8:f61:a1ff:0:0:0:80 ~all"

 

(Linux only) To access SPF configuration form, log in to Plesk > go to Tools & Settings > Mail Server Settings and specify the required options in the SPF spam protection section.