Implement SPF records for Email Security.cloud

Article ID: 161394


Products

Email Security.cloud

Issue/Introduction

A Sender Policy Framework (SPF) record is a type of Domain Name System (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of a domain. SPF records detect and prevent spammers from sending messages with forged "From" addresses on a domain.

Symantec recommends that you include Symantec Email Security.cloud references in your SPF record, even if your email is not generally routed outbound through Symantec.cloud. Including these references helps prevent problems in situations where email flows through Symantec servers for other reasons, such as email sent to another customer.

Implementing the SPF record also helps Symantec.cloud more accurately detect spoofed messages that pretend to be from your domain.

Resolution

Implement SPF records

  1. Log in to your domain host account.
    See Find my domain host.
  2. Navigate to your domain host's DNS or Name Server management page.
  3. If you do not have other servers to authorize, you can set up the following string in the applicable zone file as a TXT Record. This string publishes the records in test mode (i.e. soft mode).

    v=spf1 include:spf.messagelabs.com ~all

    Note: Publishing in soft mode is primarily for testing purposes, and does not stop email spammers.
     
  4. Once you have confirmed that the record works as intended through test mode, you can publish in hard mode. This indicates to the receiving server that if the IP address is not authorized within this record, the server should discard the message:

    v=spf1 include:spf.messagelabs.com -all

    Note: SPF consists of a number of variables that can be set on a trial basis when in test mode. When you switch from the test mode to the hard rule, the variables are enforced.
     
  5. If you have other servers to authorize such as Microsoft Office 365, they can be included in your record based on the set-up as advised by the server's administrator. However, you must ensure that your record also contains the following entry:

    include:spf.protection.outlook.com

    The final record should look as shown below:

    v=spf1 include:spf.messagelabs.com include:spf.protection.outlook.com -all

  6. Once the SPF record is published, ensure that Symantec.cloud is checking the SPF record for incoming email. To validate this, log in to the Symantec.cloud console, and check the SPF setting under Services > AntiSpam.
  7. Please ensure there is only one SPF record published in your DNS per domain. All your authorized servers should be listed in a single SPF record.

Find my domain host

  1. Go to the ICANN Whois Lookup website.
    ICANN is a non-profit organization that compiles domain information.
  2. Enter your domain name, and click Lookup.
  3. Type the CAPTCHA text if prompted.
  4. In the results page, look for the Registrar section for the name of your domain host. For example:
    • Registrar: GoDaddy.com, LLC
    • Registrar URL: http://www.godaddy.com

Add SPF records for common hosts

Technical Information

Sender Policy Framework (SPF) is an authentication protocol that helps prevent email spammers from forging the RFC 5321 MailFrom field (also known as the envelope sender) in an email. SPF enables the owner of a domain to specify which mail servers are allowed to send mail on behalf of that domain.

The principle of operation is as follows:

  1. An email is sent to a recipient performing SPF validation.
  2. The recipient obtains the DNS records of type TXT for the sending domain, looking for an SPF record.
  3. The receiver compares the IP address of the sender against what is authorized in the domain's SPF record.
  4. SPF either passes or fails validation, depending on whether or not the sending IP address is found in that record.