A Sender Policy Framework (SPF) record is a type of Domain Name Service (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of a domain. SPF records detect and prevent spammers from sending messages with forged "From" addresses on a domain.
Symantec recommends that you include Symantec Email Security.cloud references in your SPF Record, even if your email is not generally routed outbound through Symantec.cloud. Including these references help prevent situations where email flows through Symantec servers for other reasons, such as email sent to another customer.
Implementing the SPF record also helps Symantec.cloud more accurately detect spoofed messages that pretend to be from your domain.
v=spf1 include:spf.messagelabs.com ~all
v=spf1 include:spf.messagelabs.com -all
If you have other servers to authorize such as Microsoft Office 365, they can be included in your record based on the set-up as advised by the server's administrator. However, you must ensure that your record also contains the following entry:
The final record should look as shown below:
v=spf1 include:spf.messagelabs.com include:spf.protection.outlook.com -all
Note: SPF consists of a number of variables that can be set on a trial basis when in test mode. When you switch from the test mode to the hard rule, the variables are enforced.
A sender policy framework (SPF) record is an authentication protocol that helps prevent email spammers from forging the RFC 5321 MailFrom field (also known as the envelope sender) in an email. SPF enables the owner of a domain to specify which mail servers are allowed to send mail on that behalf of the domain.
The principle of operation is as follows: