Using an SPF record, you can register computers and servers in your DNS zone that are authorised to send email. The purpose of the sender policy framework (SPF) is to prevent the fraudulent use of sender addresses in emails.
An SPF record is captured as a TXT record to the domain, providing an SPF record. The SPF record can contain IP addresses or DNS records (A, AAAA, MX, etc.). A useful SPF record starts with
v=spf1, followed by the authorised server and the closing instructions on what to do with unlisted servers.
The example below allows servers listed in the MX and A-record of the sender domain and the servers of our email system, and instructs the recipient to reject any mails originating from all other servers that have this sender domain:
v=spf1 mx a include:spf.nine.ch -all
Instructions preceded by a minus (-) exclude the listed servers. In contrast, servers preceded by a plus (+) are allowed. Note that the plus sign (as in the above example) can also be omitted.
Creating an SPF record in the Cockpit
- Log into the Cockpit
- Go to the DNS tab
- Open the DNS zone
- Create a new TXT record and enter the SPF instructions