SPF stands for Sender Policy Framework. An SPF record is a type of Domain Name System (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain.
Sender Policy Framework (SPF) is a method of fighting spam. Over time it is expected to become one of the standard methods of fighting spam on the Internet. An SPF record is a TXT record that is part of a domain's DNS zone file. The TXT record lists the host names and IP addresses that mail for a given domain name is authorized to originate from. Once this entry is placed in the DNS zone, no further configuration is necessary: receiving servers that incorporate SPF checking into their anti-spam systems look the record up on their own. The SPF record is added the same way as a regular A, MX, or CNAME record.
You would create the following rule and add it to a TXT record:
"v=spf1 a:192.168.10.2 mx:mail.zmailtech.com ptr:master.zmailtech.com -all"
Each part of the record is defined as follows:
- v=spf1 sets the SPF version being used.
- mx allows the hosts named in the domain's MX records to send email.
- a, ptr allow the hosts matching the named A and PTR records to send email.
- -all indicates that servers not listed previously are not authorized to send email. If an unauthorized server does send email, action is taken according to the receiving mail server's own policy (for example, delete the email or mark it as spam).
The all setting is an important aspect of the record and has the following basic markers:
- -all: Any server not previously listed is not authorized to send email, no questions asked.
- ~all: If mail is received from a server that is not previously listed, it is marked as a soft fail, which allows the email to be scrutinized further.
- +all: Allow any server to send email from your domain. Naturally, you should never use this option.
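The following Python script is an added example and not code from the original page: it parses the record above into its terms, lints it for the mistakes most often seen in published SPF records, and evaluates it the way a receiving server would, against an in-memory copy of the zone on this page. The DNS table (including a reverse PTR entry, which the page does not show) is constructed so the code runs offline; only the mechanisms a, mx, ptr, ip4, ip6 and all are evaluated, and include/exists and modifiers are parsed but not followed.

```python
"""Parse, lint and evaluate an SPF record offline (added example, not code
from the original page). DNS is a constructed in-memory copy of the page's
zmailtech.com zone plus an assumed reverse PTR entry, so nothing here
touches the network. a, mx, ptr, ip4, ip6 and all are evaluated;
include/exists and modifiers (redirect=, exp=) are parsed but not followed."""
import ipaddress

DNS = {
    "A": {"ns1.zmailtech.com": ["192.168.10.2"],
          "master.zmailtech.com": ["192.168.10.2"],
          "mail.zmailtech.com": ["192.168.10.2"],
          "smtp.zmailtech.com": ["192.168.10.2"]},  # CNAME to mail, pre-resolved
    "MX": {"zmailtech.com": ["mail.zmailtech.com", "smtp.zmailtech.com"]},
    "PTR": {"192.168.10.2": ["master.zmailtech.com"]},  # assumed reverse zone
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LOOKUP_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}
PAGE_RECORD = ("v=spf1 a:192.168.10.2 mx:mail.zmailtech.com "
               "ptr:master.zmailtech.com -all")


def parse_spf(record):
    """Split a record into (qualifier, name, argument) terms; modifiers such
    as redirect=... get an empty qualifier so evaluation skips them."""
    tokens = record.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1")
    terms = []
    for tok in tokens[1:]:
        qual = "+"                            # an omitted qualifier means "+"
        if tok[0] in QUALIFIERS:
            qual, tok = tok[0], tok[1:]
        if "=" in tok.split(":")[0]:          # modifier, not a mechanism
            name, _, arg = tok.partition("=")
            qual = ""
        else:
            name, _, arg = tok.partition(":")
        terms.append((qual, name.lower(), arg.lower()))
    return terms


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint_spf(record):
    """Warnings for the mistakes most often seen in published records."""
    terms = parse_spf(record)
    warnings = []
    for qual, name, arg in terms:
        if name in ("a", "mx") and _is_ip(arg):
            # a:/mx: take a domain name; an IP literal is looked up as a
            # hostname, resolves to nothing and therefore never matches
            warnings.append(f"{name}:{arg} can never match; use ip4:{arg}")
        elif name == "mx" and arg and not DNS["MX"].get(arg):
            warnings.append(f"mx:{arg} looks up MX records of {arg}, which has "
                            f"none; to name a mail host directly use a:{arg}")
        if name == "ptr":
            warnings.append("ptr is deprecated (RFC 7208 section 5.5) and relies "
                            "on reverse DNS you may not control")
        if name == "all" and qual == "+":
            warnings.append("+all authorizes every host on the Internet")
    lookups = sum(1 for _, n, _ in terms if n in LOOKUP_TERMS)
    if lookups > 10:
        warnings.append(f"{lookups} DNS-querying terms exceed the limit of 10 "
                        "(receivers return permerror)")
    return warnings


def check_host(ip, domain, record):
    """Evaluate record for a connection from ip sending mail as domain.
    Returns pass, fail, softfail or neutral (neutral when nothing matches)."""
    ip = str(ipaddress.ip_address(ip))
    a_of = lambda host: DNS["A"].get(host, [])
    for qual, name, arg in parse_spf(record):
        if not qual:
            continue                          # modifiers are not followed here
        target = arg or domain                # a, mx, ptr default to the domain
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in a_of(target)
        elif name == "mx":
            matched = any(ip in a_of(mx) for mx in DNS["MX"].get(target, []))
        elif name == "ptr":
            # validated reverse lookup: the PTR name must lie under target and
            # its own A record must point back at ip
            for host in DNS["PTR"].get(ip, []):
                if (host == target or host.endswith("." + target)) and ip in a_of(host):
                    matched = True
        elif name not in ("include", "exists"):
            raise ValueError(f"unknown mechanism {name}")
        if matched:
            return QUALIFIERS[qual]
    return "neutral"
```

Running lint_spf on the page's record reports three things: a:192.168.10.2 can never match, because the a mechanism takes a host name and ip4: is the mechanism for an address literal; mx:mail.zmailtech.com looks up MX records of mail.zmailtech.com rather than of zmailtech.com, and that host has none; and ptr is deprecated. On the lab network above the record still evaluates to pass, but only through the ptr term, which depends on reverse DNS that is rarely under the domain owner's control on the public Internet. A record such as v=spf1 ip4:192.168.10.2 mx -all expresses the same intended policy and passes without it.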
Host the SPF record in the DNS forward zone file.
[root@master ~]# vim /var/named/zmailtech.com.zone
[root@master ~]# cat /var/named/zmailtech.com.zone
$TTL 1D
@ IN SOA ns1.zmailtech.com. admin.zmailtech.com. (
2017121501 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        IN NS ns1.zmailtech.com.
ns1 IN A 192.168.10.2
master IN A 192.168.10.2
mail IN A 192.168.10.2
;CNAME Record
www IN CNAME master.zmailtech.com.
ftp IN CNAME master.zmailtech.com.
smtp IN CNAME mail.zmailtech.com.
;MX Record
zmailtech.com. IN MX 10 mail.zmailtech.com.
zmailtech.com. IN MX 20 smtp.zmailtech.com.
;SPF record
zmailtech.com. IN TXT "v=spf1 a:192.168.10.2 mx:mail.zmailtech.com ptr:master.zmailtech.com -all"
[root@master ~]#
Restart the named service.
[root@master ~]# systemctl restart named
Check the SPF record with the dig command:
[root@master ~]# dig TXT zmailtech.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> TXT zmailtech.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zmailtech.com. IN TXT
;; ANSWER SECTION:
zmailtech.com. 86400 IN TXT "v=spf1 a:192.168.10.2 mx:mail.zmailtech.com ptr:master.zmailtech.com -all"
;; AUTHORITY SECTION:
zmailtech.com. 86400 IN NS ns1.zmailtech.com.
;; ADDITIONAL SECTION:
ns1.zmailtech.com. 86400 IN A 192.168.10.2
;; Query time: 0 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Tue Jan 23 23:52:45 IST 2018
;; MSG SIZE rcvd: 162
[root@master ~]#
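To turn the dig check above into something repeatable, here is an added Python example (not from the page) that parses the TXT answer section in the form dig prints it, concatenates the character strings of a record that dig shows as several quoted strings, and verifies that exactly one v=spf1 record is published. DIG_OUTPUT is a constructed sample modelled on the answer above, with an extra unrelated TXT record added to show that it is ignored.

```python
"""Extract the SPF policy from a dig TXT answer and check it is published
correctly (added example, not from the original page). DIG_OUTPUT is a
constructed sample modelled on the dig answer shown on the page."""
import re

DIG_OUTPUT = """\
;; ANSWER SECTION:
zmailtech.com.\t\t86400\tIN\tTXT\t"v=spf1 a:192.168.10.2 mx:mail.zmailtech.com ptr:master.zmailtech.com -all"
zmailtech.com.\t\t86400\tIN\tTXT\t"site-verification=abc123"
"""

TXT_LINE = re.compile(r'^(?P<name>\S+)\s+\d+\s+IN\s+TXT\s+(?P<rdata>.*)$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted character string


def txt_records(dig_text):
    """Return [(owner, text)] for every TXT RR in dig output. A TXT RR is a
    sequence of character strings (each at most 255 bytes on the wire); dig
    prints them as "..." "..." and a receiver concatenates them."""
    out = []
    for line in dig_text.splitlines():
        if line.startswith(";"):              # dig comments and section headers
            continue
        m = TXT_LINE.match(line)
        if not m:
            continue
        parts = QUOTED.findall(m.group("rdata"))
        text = "".join(re.sub(r'\\(.)', r'\1', p) for p in parts)  # unescape \" and \\
        out.append((m.group("name").rstrip(".").lower(), text))
    return out


def spf_records(dig_text):
    """TXT strings that are SPF records: the version tag, matched case-insensitively."""
    return [t for _, t in txt_records(dig_text)
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]


def check_spf_publication(dig_text):
    """RFC 7208 allows at most one SPF record per domain; two or more is a
    permerror and receivers treat the policy as unusable."""
    spf = spf_records(dig_text)
    if not spf:
        return ("none", None)
    if len(spf) > 1:
        return ("permerror", spf)
    return ("ok", spf[0])


if __name__ == "__main__":
    print(check_spf_publication(DIG_OUTPUT))
```

A "permerror" result is the one to watch for after migrations, where an old and a new SPF TXT record end up coexisting. If the answer still shows the old record after you edit the zone, remember that secondaries only transfer a zone whose SOA serial (2017121501 above) has been incremented, and resolvers keep a cached copy for the record's TTL (86400 seconds in the answer above).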