Besides DomainKeys and DKIM, SPF is also a popular method for email authentication. It is strongly recommended that you set up an SPF record for your domain.
Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators based on sender IP address.
Setting up an SPF record is simple: it only requires deploying a TXT record in your domain's DNS server. Please refer to the following URL for details:
http://www.openspf.org/
Open DKIM Manager -> "SPF/DMARC Tool" -> "SPF" -> input your domain and click "Start".
Change the SPF options and click "Update"; the generated value appears in Record Value.
| Parameter | Description |
| --- | --- |
| a or a:[domain] | If the domain name has an address record (A or AAAA) that can be resolved to the sender's address, it will match. |
| mx or mx:[domain] | If the domain name has an MX record resolving to the sender's address, it will match (i.e. the mail comes from one of the domain's incoming mail servers). |
| ptr or ptr:[domain] | If the domain name (PTR record) for the client's address is in the given domain and that domain name resolves to the client's address (forward-confirmed reverse DNS), match. This mechanism is deprecated and should no longer be used because of performance issues. |
| ip4 | If the sender is in a given IPv4 address range, match. |
| ip6 | If the sender is in a given IPv6 address range, match. |
| include:[domain] | If the included (a misnomer) policy passes the test, this mechanism matches. This is typically used to include policies of more than one ISP. |
| redirect=[domain] | Can be used instead of the ALL mechanism to link to the policy record of another domain. This modifier is easier to understand than the somewhat similar INCLUDE mechanism. |
| SPF Action: Neutral | No policy (not recommended). |
| SPF Action: Soft Fail | If the SPF check is not passed, the email should be marked as junk/spam. |
| SPF Action: Hard Fail | If the SPF check is not passed, the email should be rejected. |
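The following checker is an added example, not part of DKIM Manager or the original page. It reviews a generated Record Value against the table above: it reports the action attached to "all", warns about ptr and about actions that do not restrict unlisted senders, and counts DNS-querying terms. The function name lint_spf and the sample domains in the comments are assumptions, and the limit of 10 DNS lookups comes from RFC 7208 rather than from this page.

```python
import ipaddress

# Mechanisms that trigger a DNS query; RFC 7208 limits a record to 10 such terms.
LOOKUP_MECHS = {"a", "mx", "ptr", "include", "exists"}
MECHANISMS = LOOKUP_MECHS | {"ip4", "ip6", "all"}
ACTIONS = {"+": "pass", "?": "neutral", "~": "softfail", "-": "hardfail"}


def lint_spf(record):
    """Return (action of 'all', DNS lookup count, warnings) for an SPF value."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("an SPF record must start with v=spf1")
    action, lookups, warnings, redirect = None, 0, [], False
    for term in terms[1:]:
        key, eq, _ = term.partition("=")
        if eq and key.isalnum():            # modifier, e.g. redirect=[domain]
            if key.lower() == "redirect":
                redirect, lookups = True, lookups + 1
            continue
        qualifier = term[0] if term[0] in ACTIONS else "+"   # default is pass
        body = term.lstrip("+-~?")
        name = body.replace("/", ":").split(":", 1)[0].lower()
        value = body.partition(":")[2]
        if name not in MECHANISMS:
            warnings.append(f"unknown mechanism: {term}")
            continue
        if name in LOOKUP_MECHS:
            lookups += 1
        if name == "ptr":
            warnings.append("ptr is deprecated and should not be used")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
                if net.version != int(name[2]):
                    raise ValueError(value)
            except ValueError:
                warnings.append(f"invalid address range: {term}")
        elif name == "all":
            action = ACTIONS[qualifier]
            if action in ("pass", "neutral"):
                warnings.append(f"'{term}' does not restrict unlisted senders")
    if action is None and not redirect:
        warnings.append("no 'all' or redirect: unmatched senders get neutral")
    if lookups > 10:
        warnings.append(f"{lookups} DNS lookups exceed the limit of 10")
    return action, lookups, warnings

# Constructed sample: lint_spf("v=spf1 a mx ip4:192.0.2.0/24 include:_spf.example.net -all")
```

An empty warning list together with a "softfail" or "hardfail" action means the record matches the recommendations in the table.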
If your domain is hosted by a Windows DNS Server in your local LAN, then after you get the SPF Record Value in DKIM Plugin Manager, you can click "Deploy SPF", input your DNS server address and choose the DNS zone. The SPF record will be deployed to the DNS server automatically.
If your domain is hosted by www.networksolutions.com, you can deploy your public key like this:
If your domain is hosted by GoDaddy, you can deploy your public key like this:
If your domain is hosted by a BIND DNS server, you can add the SPF record like this: locate your domain's zone file and open it with your preferred editor, then add the following content:
; SPF
yourdomain.com. IN TXT "v=spf1 ..."
If your domain is hosted by another ISP, note that most ISPs provide DNS web administration for setting up an SPF record. If you are not the DNS server administrator, or your domain is hosted by another DNS server, please send the information in Record Name and Record Value to your domain's DNS server administrator for assistance.
If you have any problems with DomainKeys/DKIM/SPF/DMARC record implementation, please contact support@emailarchitect.net.