- Plesk for Linux
- Plesk for Windows
What is SPF and how to configure it on a Plesk server?
SPF (Sender Policy Framework) is a system that ensures emails are genuine by comparing them against a TXT list of approved senders. Senders are published in the DNS record. These DNS entries can be trusted because owners and administrators are the only individuals allowed to make them.
To access SPF configuration form, log in to Plesk > go to Tools & Settings > Mail Server Settings and specify the required options in the SPF spam protection section.
Once the SPF resource is enabled, a DNS TXT record will be created for each A and MX records at Domains > example.com > DNS Setings.
DNS TXT records have the following format:
CONFIG_TEXT: example.com IN TXT "v=spf1 spf_string"
Here, spf1 is SPF version, and spf_string takes the combination of the so-called mechanisms:
CONFIG_TEXT: a, ptr, mx, ip4, include, all
Where all is a finalizing mechanism and must be placed at the end. Each mechanism may have a prefix pointing to a certain type of processing messages:
CONFIG_TEXT: '-' fail (message is rejected)
'~' softfail (message is passed with warning)
'+' pass (message is passed - the default prefix value)
'?' neutral The simplest (and most popular)
An SPF record will look like:
CONFIG_TEXT: example.com IN TXT "v=spf1 mx -all"
This means that mail from firstname.lastname@example.org can be sent only from his MX record. There can be used other options. If other servers send mail from domain.com, you can describe them by giving "arguments" to the a:, mx:, ip4:, and ptr: mechanisms. mx: takes domain names and approves all the MX servers of these domains. Example:
CONFIG_TEXT: "v=spf1 a mx a:example.com -all"
Mail can be sent from his MX and from example.com server.
To set both ipv4 and ipv6 SPF records, the following syntax can be used:
CONFIG_TEXT: "v=spf1 ip4:XX.XX.XX.XX ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all"
CONFIG_TEXT: "v=spf1 ip4:203.0.113.2 ip6:2001:db8:f61:a1ff:0:0:0:80 ~all"