Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [spf]

Sender Policy Framework is a standard by which the owner of a domain uses a specially formed DNS record to advertise which hosts are authorized to send email for the domain.

Sender Policy Framework (SPF) is a technique to prevent e-mail sender address forgery. With SPF system administrators add information about allowed senders for particular domain in a DNS server's TXT and/or SPF record.

Please have a look at the canonical question What are SPF records and how do I configure them.

869 questions
6
votes
2 answers

SPF softfail for forwarded emails to Gmail account

I've been able to make SPF pass on all the sent emails from my Postfix server. But for forwarded domains which simply redirect email to my gmail id I see softfail in the SPF. For example if I send email from a hotmail account to…
user5858
  • 263
  • 1
  • 5
  • 17
6
votes
1 answer

Why is SPF being validated against my mail server's IP instead of sender's IP?

I have a mail server "example.com" which forwards all emails with recipient "me@example.com" to "me@gmail.com". My mail server runs Postfix and it uses the virtual_alias_maps mechanism to perform the forwarding. I also have SPF records installed for…
Hongli Lai
  • 2,222
  • 4
  • 23
  • 27
6
votes
1 answer

Should SPF records provided by ISPs contain "all" at the end?

This seems obvious or something I just don't understand. I want to build SPF records for my clients. Most of the email providers provide an SPF record that I can "include" in mine, but they all include ~all or -all at the end. Does this mean that…
Waivej
  • 61
  • 1
6
votes
5 answers

Hotmail Sender ID always fails with "temperror" regardless of SPF

When we send mail to Hotmail servers, they do not recognize our Sender ID. In the receiving mail source, it reads Authentication-Results: hotmail.com; sender-id=temperror ... when it should say pass as with every other one. Therefore our legitimate…
Tom
  • 61
  • 1
  • 2
6
votes
3 answers

What's wrong with my SPF?

When I receive an email on Google from my domain ("mail.gramma.ro") I see this in the headers: Received-SPF: softfail (google.com: best guess record for domain of transitioning cristi@gramma.ro does not designate 213.133.103.5 as permitted sender)…
user22817
  • 215
  • 4
  • 11
6
votes
3 answers

How to reject/detect emails claiming to be from my own domain?

We have following e-mail topology: Exchange server --------- Sendmail server ---------------Internet On sendmail server there is no any user mailbox and messages with sender address user@my.domain.com can arrive only from exchange server and never…
user71061
  • 501
  • 2
  • 10
  • 22
6
votes
3 answers

SMTP host name vs. domain in "From:" address vis-a-vis Email Deliverability

I'm trying to implement (or make sure that I'm correctly following) email sending best practices to improve deliverability, but the role of the smtp server's host name vs the domain name of the From: email address seems to be unclear, even after…
Jared Duncan
  • 61
  • 1
  • 2
6
votes
3 answers

Why is my SPF Record not working?

A spammer is using my domain to send spam, and I'm receiving a large amount of bounced email. I have an SPF record on the domain, however it doesn't appear to be having any effect. Receiving MTA's seem to be claiming my domain is neutral about all…
James Davies
  • 273
  • 2
  • 3
  • 6
6
votes
4 answers

Do I need SPF, and how do I set it up?

I've read that SPF is a way to ensure that spam sent in my name is evidently fake, and I'd like to use that. How do I set up SPF? Or is it already in effect? I have two domains hosted on Dreamhost.com, and I use Google Apps to read mail on both…
Torben Gundtofte-Bruun
  • 1,174
  • 2
  • 10
  • 16
6
votes
2 answers

What are DNS TXT records and why are they needed

I am creating a server with a primary nameserver and mutliple domains. Do i need to make TXT records for all the domain, they all have there own email, but use the mailserver from the primary. EDIT: I am currently on a server running CentOS and…
Saif Bechan
  • 10,960
  • 10
  • 42
  • 63
6
votes
1 answer

Which has bigger priority between DMARC and SPF?

First off let me start by saying I understand DMARC and SPF do not do the same thing. However both have an option to tell the receiving servers what to do with mails that do not pass SPF (and DKIM in the case of DMARC). Now let’s have a theoretical…
Frizlab
  • 163
  • 3
6
votes
2 answers

How can I create and update the existing SPF record to allow more than 10 entries?

How can I include another SPF record if my existing domain already has 10 lines of SPF records in the TXT record? I wanted to add these two: include:mailgun.org include:sendgrid.net This is my existing SPF record: v=spf1 a mx ptr…
Senior Systems Engineer
  • 1,275
  • 2
  • 33
  • 62
6
votes
1 answer

Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account (receiver@htlvb.at) when she is offline in Teams. The receiver set it up so that all her mails are forwarded to her personal Gmail…
Johannes Egger
  • 173
  • 1
  • 6
6
votes
2 answers

What's the benefit of SPF HELO Identity

I'm try to understand the benefit of the HELO Identity defined in RFC7208 (SPF). There is a mail server, let's say mail.example.com. This server is used as relay for different domains. In Section 2.4: SPF verifiers MUST check the "MAIL FROM"…
Alex
  • 63
  • 4
5
votes
2 answers

Postfix: ACCEPT if RBL and SPF checks pass, DUNNO/greylist otherwise. How to do it?

I would like to accept all clients that pass RBL and SPF checks (and possibly some checks, but these are minimum requirements for me), and greylist those who don't. When a client passes the SPF check (SPF record exists, no fail, no soft-fail), we…
michau
  • 51
  • 6
1 2 3
57 58