What is an SPF record and why do we use it?

An SPF record (Sender Policy Framework) is a type of record in the DNS zone of the domain name. SPF records help identify from which SMTP servers your emails leave. You may have noticed that, at times, you receive spam emails sent to you from yourself. This happens because spammers set your email address as the sender to make it difficult to manage the spam you receive. Imagine how difficult it is to add your own email address, for example, to a blacklist so that emails sent by you go to the Junk folder. 

How SPF works 

When a user sends an email to a recipient, the following check occurs: on receiving the email, the recipient's incoming mail server queries DNS to check whether the IP address the email was sent from matches the IPs listed in the SPF record of the sender's domain.

This check produces one of four possible values for the "Received-SPF" field in the email header:

  a) pass
  b) neutral
  c) softfail
  d) fail

Depending on the settings of the inbound server, the email is either rejected, or checked further by other software that may be running on the same server (e.g. SpamExperts) since it is now properly flagged, or delivered to the recipient to be filtered by applications on the user's PC (e.g. AntiSpam applications).

What are the SPF records and some examples 

A complete SPF record in the DNS zone is a TXT record with the format: v=spf1 [[pre] type ] … [mod] and it ends up looking like this:

domain.gr 3600 IN TXT "v=spf1 ip4:987.654.32.10 -all"

In the SPF record example above, we indicate from which mail server(s) the emails of all the accounts belonging to our domain are sent. 

Examples: 

If we want to indicate that our emails leave only from a mail server (SMTP) that "listens" on our server address, e.g. from 987.654.32.10, then the record should be:

 v=spf1 ip4:987.654.32.10 -all (-all means that all of our emails leave only from that IP)

If we want to indicate that our emails leave only from the mail servers for which we have made an MX record in our domain, the record will be: 

 v=spf1 mx -all 

We can combine the above, i.e. we can say that our emails leave from all the servers we have indicated with an MX record and (by putting "+", which is the default) from one more specific IP, 987.654.32.10, and only from those. Then, the record would be:

v=spf1 +mx +ip4:987.654.32.10 -all

There are also a lot of other options, such as setting ip6 as well as ptr. With a ptr addition we can indicate that our emails can leave from the server for which there is a specific reverse DNS record. E.g.

 v=spf1 mx ptr ip4:987.654.32.10 ptr:domain.gr -all

The above record indicates that the emails leave either from all the email servers for which there are MX records or from the IP 987.654.32.10, as well as the IP that is resolved by the ptr record of domain.gr.

In addition, we can use the option “a” that, together with “mx”, is a safer setting, e.g. 

v=spf1 a mx -all 

That indicates that our emails leave only from servers with IPs that exist in the "A" and "MX" type zone records of our domain. 

All the above work perfectly when you use the SMTP of your domain name. However, sometimes you send your emails from your ISP's SMTP. In that case, you can add your server's IP. However, that does not block spammers who send spam using the same ISP as you. Of course, Greek ISPs have security measures and various limits that prevent spamming by their subscribers. 

If you also send emails from the provider you are connected to, the record should look like this: 

v=spf1 a mx a:smtp.yourisp.com -all 
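
The check described under "How SPF works", applied to records like the ones above, as an added example that is not Papaki's code or a real mail server's implementation. It does no DNS lookups: the domain example.org, the addresses, SAMPLE_DNS and the function names are constructed for illustration, and ptr and modifiers are not handled.

```python
import ipaddress

# Qualifier -> Received-SPF value ("+" is the default qualifier).
RESULTS = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail"}

# Constructed DNS data standing in for real lookups (documentation addresses).
SAMPLE_DNS = {
    "a": {"example.org": ["192.0.2.20"], "mail.example.org": ["192.0.2.10"]},
    "mx": {"example.org": ["mail.example.org"]},
}

def _has_ip(dns, host, ip):
    """True if `ip` is one of the A-record addresses of `host`."""
    return any(ipaddress.ip_address(a) == ip for a in dns["a"].get(host, []))

def check_spf(record, sender_ip, domain, dns=SAMPLE_DNS):
    """Evaluate the terms left to right; the first match decides the result.

    Handles ip4, ip6, a, mx and all. Anything else, or a malformed address
    in an ip4/ip6 term, raises ValueError.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = _has_ip(dns, arg or domain, ip)
        elif name == "mx":
            matched = any(_has_ip(dns, h, ip) for h in dns["mx"].get(arg or domain, []))
        else:
            raise ValueError(f"unsupported term: {term}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term

if __name__ == "__main__":
    for rec in ("v=spf1 mx -all", "v=spf1 a mx ~all", "v=spf1 ip4:192.0.2.10 ?all"):
        for src in ("192.0.2.10", "198.51.100.7"):
            print(f"{rec!r:32} from {src:13} -> {check_spf(rec, src, 'example.org')}")
```

Running it prints the result for a listed and an unlisted sending address under each record, which shows how the qualifier on the final "all" term decides what an unlisted sender gets.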

At Papaki, and specifically on all our Linux servers, the SPF record is already installed. 


How do I add an SPF record in Plesk? 
In order to add an SPF record in Plesk, follow the instructions described here

