For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.
For enterprise-level requirements and advanced features, consider checking out Zextras Carbonio – the all-in-one private digital workplace designed for digital sovereignty trusted by the public sector, telcos, and regulated industries.
SPF or Sender Policy Framework is an email authentication method that identifies which mail servers are allowed to send emails on behalf of your domain. I can forge an email header to pretend it has been sent from an address on your domain which is called a spoofing attack. SPF record contains information of only mail servers that are allowed to send emails on behalf of your domain and prevents spammers like me from spoofing your domain. It can be done by comparing the SPF record with the mail server information of the sender. If they don’t match, the email will be identified as unauthorized and will send it to spam or reject completely.
How to Configure SPF for Outgoing Emails
Configuring SPF for outgoing emails will increase the email reputation of your emails since the receiving server would be able to verify your email SPF record.
To set up SPF for outgoing emails you need first to create the SPF rule then add it to your DNS.
1. Create your SPF rule
- Start with the SPF version, for example, v=spf1 for version 1.
- Add all IP addresses that are authorized to send emails on your behalf, for example,
v=spf1 ip4:34.243.61.237 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e - Include tag for every third-party organization that is used to send emails on your behalf, like
include:thirdpartydomain.com, alternatively, ignore the include tag if there is no third-party organization. - End your rule with an
~all,-all, or+alltag. The-alltag means fail (servers that aren’t listed in the SPF record are not authorized to send emails). The~allmeans softfail (If the email is received from a server that isn’t listed, the email be accepted but marked), the+allallows any server to send email from your domain (which should never be used).- For example, if you want only your cloud server (incoming mail exchange (MX)) and no other mail servers to be authorized your rule would be
v=spf1 mx -all, if you want your cloud server and Microsoft Exchange Online mail server but no other mail servers to be authorized your rule would bev=spf1 include:spf.protection.outlook.com -all. If you are using external services like Mailchimp, Salesforce, Google Apps, etc. add them in the include part, for example,include:servers.mcsv.netfor Mailchimp,include:_spf.salesforce.comfor Salesforceinclude:_spf.google.comfor Google Apps.
- For example, if you want only your cloud server (incoming mail exchange (MX)) and no other mail servers to be authorized your rule would be
2. Add your SPF rule to the DNS
- Access your DNS provider, for example, GoDaddy, Network Solutions, etc.
- Access your DNS Management or something like name server management.
- Add a new TXT entry.
- Set the Record Type to TXT.
- Insert @ in the Hostname field to map the record directly to your domain name.
- Insert the created SPF rule in the TXT Value field.
- Assign the Time to Live (TTL), for example, let’s use 3600s.
- Save the entry.
How to Verify Your SPF
The next step would be testing your SPF to see if it works. To do so, please see How to Verify Your SPF Record.
