Basically, an SPF (Sender Policy Framework) record is a specification of which servers are allowed to send mail for a given domain name. Setting up an SPF record is the current standard for preventing spoofing, which is when a user receives email that appears to have originated from one source when it was actually sent from another.

Spoofing usually poses a problem for users who have a default/catch-all address set up and start receiving a bunch of returned error messages for emails that they didn’t even send, or when a user tries to send mail to another mail server that requires an SPF record to verify its source. Hotmail is a good example, because lately they require that senders publish a Sender ID/SPF record or else the mail will be routed as junk.

Keep in mind that when an SPF record is installed on a user’s domain, forwarders, relaying, and Exim IP changes can affect how email is delivered!

 

Generating an SPF Record

An SPF record can easily be generated on this site:

http://openspf.org/

Question 1: A-Record

v-nessa.net's IP address is 216.134.252.71 (vps.v-nessa.net).
Does that server send mail from covad.net?

The wizard will attempt to resolve the domain to an IP, then do an rDNS lookup on the IP for a hostname. Click YES.

Question 2: MX-Record

This wizard found 2 names for the MX servers for v-nessa.net: vps.v-nessa.net and v-nessa.net.
MX servers receive mail for v-nessa.net.
Do they also send mail from v-nessa.net?

In most cases, this will be true. The exceptions are if the user has an irregular MX record modification, or is using another outgoing mail server or domain to send mail.

Question 3: PTR

Do you want to just approve any host whose name ends in v-nessa.net?

Typically, you do not want to enable this setting unless the user has mail accounts set up for subdomains or has domains with a similar ending that need to relay through this domain.

Question 4: A subs

Do any other servers send mail from v-nessa.net?

The answer is usually no. The only other server that would send on behalf of that domain would be the server's hostname, but this was already allowed in question 1. If the user is using their ISP or another mail service for outgoing mail, those will need to be added later. The next two fields can be left blank, unless the user specifically has the information to add to them.

Question 5: Include

Could mail from v-nessa.net originate through servers belonging to some other domain?

Fill in this field mainly if the user is planning on using another mail server or domain (such as their ISP, etc.) to send mail. Otherwise say no.

Question 6: ~all

Do the above lines describe all the hosts that send mail from v-nessa.net?

Check your answers and hit yes.
At the bottom of the page you’ll see the nicely-generated SPF record that will look something like this:

"v=spf1 a mx ~all"

Adding the Zone Entry

You can add the SPF record either through WHM (easy) or manually in the zone file of that domain (not as easy).

The line will look something like this:

v-nessa.net. 14400 IN TXT "v=spf1 a mx ~all"
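
The following Python is an added example, not part of the original post or of the wizard: it reads the zone-file line above, maps each term to the result SPF assigns when that term matches, and warns about the choices that questions 3 and 6 decide. The function names and the second sample record are constructed for illustration.

```python
import shlex

# Result each qualifier yields when its mechanism matches ("+" is the default).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "a", "mx", "ptr", "ip4", "ip6", "include", "exists"}

def txt_from_zone_line(line):
    """Extract the TXT payload of a zone-file line; quoted chunks are concatenated."""
    fields = shlex.split(line)  # keeps each quoted string as one field
    if "TXT" not in fields:
        raise ValueError("not a TXT record")
    return "".join(fields[fields.index("TXT") + 1:])

def parse_spf(record):
    """Return (result, mechanism, argument) tuples in evaluation order."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("SPF record must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        if "=" in term.partition(":")[0]:
            continue  # modifier such as redirect=, not a mechanism
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.partition("/")[0].lower()  # drop a CIDR suffix such as a/24
        if name not in MECHANISMS:
            raise ValueError(f"unknown mechanism: {term}")
        parsed.append((QUALIFIERS[qualifier], name, arg))
    return parsed

def lint(record):
    """Warn about the choices that wizard questions 3 and 6 decide."""
    mechs = parse_spf(record)
    names = [name for _, name, _ in mechs]
    warnings = []
    if "ptr" in names:
        warnings.append("ptr: approves any host whose reverse DNS name ends in the domain")
    if "all" not in names:
        warnings.append("no all term: unlisted senders get a neutral result")
    elif names[-1] != "all":
        warnings.append("terms after all are never evaluated")
    if ("pass", "all", "") in mechs:
        warnings.append("+all: every host on the internet is authorized")
    return warnings

if __name__ == "__main__":
    record = txt_from_zone_line('v-nessa.net. 14400 IN TXT "v=spf1 a mx ~all"')
    print(parse_spf(record), lint(record))
    print(lint("v=spf1 a mx ptr +all"))  # constructed record, not from the post
```

An empty warning list for the generated record means it lists explicit senders and ends in a softfail, so mail from hosts not listed is marked rather than accepted outright.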
