Sender Policy Framework, simply called SPF, defines a policy stating which servers can send mail from a domain. It is very useful for large and medium-scale companies to avoid spoofing attacks from spammers, and nowadays small-scale companies have also started to use SPF records.
How Does It Work?
For example, XYZ.COM is a valid company with good market value. bank.com is a financial company which provides loans to companies based on approval mail from the company's manager. Spammers know this and send spoofed mail to bank.com posing as a valid XYZ.COM sender. As a result, bank.com trusts the mail and approves.
To avoid this, XYZ.COM designates (authorizes) its sending IP addresses. BANK.COM can then check the SPF record of XYZ.COM and allow the mail if it came from the proper addresses, so the rest of the spam mails can be avoided.
How to Create an SPF Record?
An SPF record is a simple TXT record which is created at the ISP level. Normally an SPF record looks like the one below:
windowstechpro.com. IN TXT "v=spf1 mx a ip4:192.168.2.1/24 ip4:192.168.50.50 a:Edge01.wipro.com include:windeliver.com ~all"
Let me break down the above record:
v=spf1 - Header which tells that this is an SPF record
mx - Whatever MX records are available for this domain
a - The A records which are available for the domain
ip4 - IPv4 addresses. Here you can give an IP range or a single IP address.
a:Edge01.wipro.com - Names which can send mail; normally these will be FQDNs
include - Other domains which can also send emails
~ - Guides the recipient that mail coming from anything other than the designated addresses fails as a soft fail, which can be quarantined
The detailed syntax of SPF is well explained here.
I know that you will look for some simple tool which can take the SPF syntax and create the SPF record. You can use the online tool wizard; it is very simple and gives you the TXT record that you can update in the DNS of your ISP.
How to Check an SPF Record?
To check whether an SPF record is available for your domain or other domains, you can use a simple command to locate the SPF record:
nslookup -type=txt "domainname.com"
Execute the above command, replacing the domain name with your domain and leaving out the double quotes. You will get the SPF records like this:
If you look at the above images, Google uses ~ (tilde), which means that, apart from the designated servers, all other mails will get a soft fail, whereas the other domain, tcs.com, uses - (minus), which hard-fails mail from all other senders.
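The record breakdown and the ~ versus - behaviour described above, as an added example that is not part of the original post or of any tool it mentions: a small Python parser that splits the record from this page into its terms and checks a sender IP against the ip4 and all terms only. The function names, the -all variant and the sender addresses are constructed for illustration; mx, a and include are reported as unresolved because they need DNS lookups.

```python
import ipaddress

# SPF qualifiers and the result produced when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT value into (qualifier, mechanism, value) terms."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing v=spf1 header")
    parsed = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # default is +
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = body.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed

def check_ip(record, sender_ip):
    """Evaluate sender_ip left to right using only the ip4 and all terms.

    mx, a and include need DNS lookups, so they are returned as
    unresolved instead of being guessed (keeps the example offline).
    """
    ip = ipaddress.ip_address(sender_ip)
    unresolved = []
    for qualifier, name, value in parse_spf(record):
        if name == "ip4":
            # strict=False accepts a host address with a prefix (192.168.2.1/24)
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier], unresolved
        elif name == "all":
            return QUALIFIERS[qualifier], unresolved
        else:
            unresolved.append(name + (":" + value if value else ""))
    return "neutral", unresolved  # no mechanism matched and no "all" term

# Record from this page, and a constructed variant that ends in -all
SOFT = ("v=spf1 mx a ip4:192.168.2.1/24 ip4:192.168.50.50 "
        "a:Edge01.wipro.com include:windeliver.com ~all")
HARD = SOFT.replace("~all", "-all")

if __name__ == "__main__":
    for label, rec in (("~all", SOFT), ("-all", HARD)):
        # constructed sender addresses: two designated, one not
        for addr in ("192.168.2.77", "192.168.50.50", "203.0.113.9"):
            print(label, addr, check_ip(rec, addr))
```

When the unresolved list is not empty, the result holds only if none of those DNS-based terms would have matched the sender first.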