How To Configure Zimbra SPF to Check Incoming Emails? | Zimbra

Alert! This article is written for Zimbra OSE users. As of December 2023, Synacor will no longer be providing support for Zimbra OSE. You might want to consider trying out Carbonio Community Edition – Zextras’s free and open-source email and collaboration platform.

For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.

SPF or Sender Policy Framework is an email authentication method that identifies which mail servers are allowed to send emails on behalf of your domain. I can forge an email header to pretend it has been sent from an address on your domain which is called a spoofing attack. SPF record contains information of only mail servers that are allowed to send emails on behalf of your domain and prevents spammers like me from spoofing your domain. It can be done by comparing the SPF record with the mail server information of the sender. If they don’t match, the email will be identified as unauthorized and will send it to spam or reject completely.

How to Configure SPF to check Incoming Emails

By configuring SPF for checking incoming emails, you can reject incoming emails with no SPF record. In this section, we learn how to enable SPF to check incoming emails.

To set up SPF to check incoming emails we use CBPolicyd WebUI to create a new policy (to learn how to enable WebUI you can read Enabling CBPolicyD WebUI). To create a new policy follow these steps:

  1. Create Group
    • Select Policies | Groups.
    • From Action, select add a group with the name list_domain.
    • Select the new group.
    • From Action, select members and insert your domain.
  2. Create Policy
    • Select Policies | Main.
    • Add Policy with the Name check-spf and Priority 20 and Submit.
    • Select the new policy.
    • From Action, select members and insert our group name in the Source and Destination.
  3. Create SPF Check
    1. Select SPF Checks | Configure.
    2. From Action, select Add and set the Name and Link to policy to check-spf, and others to Yes and Submit.
  4. Enable CBPolicyd checkspf and restart CBPolicyd service
su - zimbra
zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE
zmcbpolicydctl restart
Download Zextras Suite for Zimbra OSE



Hi, when you say "will send it to spam or reject completely." , how does that work? Will it go to spam or be rejected??

Hi, both may happen based on your CBPolicyD configurations, including hold, reject, drop, filter, redirect, etc.

Post your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How To Configure Zimbra SPF for Outgoing Emails? | Zimbra
How To Configure Zimbra DMARC? | Zimbra