{"id":1554,"date":"2020-09-24T13:26:07","date_gmt":"2020-09-24T11:26:07","guid":{"rendered":"https:\/\/itsimple.info\/?p=1554"},"modified":"2024-11-12T15:52:17","modified_gmt":"2024-11-12T13:52:17","slug":"how-to-create-spf-dns-record-for-better-email-security","status":"publish","type":"post","link":"https:\/\/itsimple.info\/?p=1554","title":{"rendered":"How To Create SPF DNS Record for better Email Security"},"content":{"rendered":"<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Sender_Policy_Framework\"><b>Sender Policy Framework<\/b> (<b>SPF<\/b>)<\/a> is an <a title=\"Email authentication\" href=\"https:\/\/en.wikipedia.org\/wiki\/Email_authentication\">email authentication<\/a> method designed to detect forging sender addresses during the delivery of the email.<sup id=\"cite_ref-Carranza,_DigitalOcean,_2013_1-0\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Sender_Policy_Framework#cite_note-Carranza,_DigitalOcean,_2013-1\">[1]<\/a><\/sup> SPF alone, though, is limited only to detect a forged sender claimed in the envelope of the email which is used when the mail gets bounced.<sup id=\"cite_ref-Carranza,_DigitalOcean,_2013_1-1\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Sender_Policy_Framework#cite_note-Carranza,_DigitalOcean,_2013-1\">[1]<\/a><\/sup> Only in combination with <a title=\"DMARC\" href=\"https:\/\/en.wikipedia.org\/wiki\/DMARC\">DMARC<\/a> can it be used to detect the forging of the visible sender in emails (<a title=\"Email spoofing\" href=\"https:\/\/en.wikipedia.org\/wiki\/Email_spoofing\">email spoofing<\/a><sup id=\"cite_ref-:1_2-0\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Sender_Policy_Framework#cite_note-:1-2\">[2]<\/a><\/sup>), a technique often used in <a title=\"Phishing\" href=\"https:\/\/en.wikipedia.org\/wiki\/Phishing\">phishing<\/a> and <a title=\"Email spam\" href=\"https:\/\/en.wikipedia.org\/wiki\/Email_spam\">email spam<\/a><\/p>\n<p>SPF is a DNS TXT record. The right syntax can be achieve through online SPF wizards, just follow the instraction on the wizrads :<\/p>\n<pre><a href=\"https:\/\/www.spfwizard.net\/\"><span style=\"color: #0000ff;\">https:\/\/www.spfwizard.net\/<\/span><\/a>\n\n<a href=\"https:\/\/mxtoolbox.com\/SPFRecordGenerator.aspx\"><span style=\"color: #0000ff;\">https:\/\/mxtoolbox.com\/SPFRecordGenerator.aspx<\/span><\/a>\n\n<a href=\"https:\/\/www.spf-record.com\/generator\"><span style=\"color: #0000ff;\">https:\/\/www.spf-record.com\/generator<\/span><\/a>\n\n<a href=\"https:\/\/www.zerobounce.net\/services\/spf-generator.html\"><span style=\"color: #0000ff;\">https:\/\/www.zerobounce.net\/services\/spf-generator.html<\/span><\/a><\/pre>\n<p>Next you will have to take the text line and create TXT record on you domain DNS provider. Few things to pay attentions to:<\/p>\n<ol>\n<li>SPF DNS resolving should never be more then 10 &#8211; each setting like: a, mx, ipv4, is one resolve, &#8220;include&#8221; option might add the domain you include and all the resolving in it so be aware of that.<\/li>\n<li>Do not do loop resolving &#8211; for example you include your domain and a &#8220;mx&#8221; or &#8220;a&#8221; option pointing to the same server or ip<\/li>\n<li>&#8220;include&#8221; option can be add twice only ! &#8211; do not use &#8220;include&#8221; more the 2 times as the resolving time will be to long.<\/li>\n<li>&#8220;PTR&#8221; option is deprecated &#8211; try not using this option as it is not safe enough.<\/li>\n<li>IPV4 option get resolved faster &#8211; better if you have long record.<\/li>\n<li>Do not have more the one SPF record &#8211; More then one SPF DNS TXT record will cause error in auth mechanism.<\/li>\n<\/ol>\n<p>Once you created the record you must check the validity of the SPF record, you can do it online on this sites:<\/p>\n<pre><a href=\"https:\/\/www.spf-record.com\/analyzer\"><span style=\"color: #0000ff;\">https:\/\/www.spf-record.com\/analyzer<\/span><\/a>\n\n<a href=\"https:\/\/www.kitterman.com\/spf\/validate.html?\"><span style=\"color: #0000ff;\">https:\/\/www.kitterman.com\/spf\/validate.html?<\/span><\/a>\n<br \/><a href=\"https:\/\/toolbox.googleapps.com\/apps\/checkmx\">https:\/\/toolbox.googleapps.com\/apps\/checkmx<\/a><br \/>\n<a href=\"https:\/\/www.spf-record.de\/spf-lookup\/\"><span style=\"color: #0000ff;\">https:\/\/www.spf-record.de\/spf-lookup\/<\/span><\/a><\/pre>\n<p>\u00a0<\/p>\n\n\n<p>To Create Dmarc record you can use this web site :<\/p>\n\n\n\n<p class=\"has-vivid-cyan-blue-color has-text-color has-link-color wp-elements-07d60a06fac3b8a4b09d1d3cb52704d5\"><a href=\"https:\/\/easydmarc.com\/tools\/dmarc-record-generator\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/easydmarc.com\/tools\/dmarc-record-generator<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/dmarcian.com\/dmarc-record-wizard\">https:\/\/dmarcian.com\/dmarc-record-wizard<\/a><\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-vivid-green-cyan-color has-text-color has-link-color has-large-font-size wp-elements-913a8d28a4fab8f1d7b7023910a23e04\"><blockquote><p>Good Luck<\/p><\/blockquote><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email.[1] SPF alone, though, is limited only to detect a forged sender claimed in the envelope of the email which is used when the mail gets bounced.[1] Only in combination with DMARC can it be [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,12,1,14,15],"tags":[],"class_list":["post-1554","post","type-post","status-publish","format-standard","hentry","category-tech","category-tutorials","category-uncategorized","category-windows","category-windows-server"],"_links":{"self":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts\/1554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1554"}],"version-history":[{"count":2,"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts\/1554\/revisions"}],"predecessor-version":[{"id":2866,"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts\/1554\/revisions\/2866"}],"wp:attachment":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}